Wed. Feb 26, 2020

Ransomware Attacks Growing More Targeted and Professional

Data Breach Today

McAfee's John Fokker Charts the Increasingly Advanced Cybercrime Service Economy

Ransomware-wielding attackers - aided by a service economy that gives them access to more advanced attack tools - are increasingly targeting organizations rather than individuals to shake them down for bigger ransom payoffs, says McAfee's John Fokker.

Zyxel 0day Affects its Firewall Products, Too

Krebs on Security

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware.

Cloud Protection: How to Secure Server Environments

Data Breach Today

Jake King of Cmd Charts the Evolution of Cloud Workload Protection Platforms

Development teams are increasingly building and deploying for the cloud, but DevOps practices too often fail to account for what happens after applications go from development into production and maintenance - and the ongoing security challenges they will face, says Jake King, CEO of Cmd.

Newly Declassified Study Demonstrates Uselessness of NSA's Phone Metadata Program

Schneier on Security

The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study. Moreover, only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which was produced by the Privacy and Civil Liberties Oversight Board and briefed to Congress on Tuesday. [...] The privacy board, working with the intelligence community, got several additional salient facts declassified as part of the rollout of its report. Among them, it officially disclosed that the system has gained access to Americans' cellphone records, not just logs of landline phone calls. It also disclosed that in the four years the Freedom Act system was operational, the National Security Agency produced 15 intelligence reports derived from it. The other 13, however, contained information the F.B.I. had already collected through other means, like ordinary subpoenas to telephone companies. The report cited two investigations in which the National Security Agency produced reports derived from the program: its analysis of the Pulse nightclub mass shooting in Orlando, Fla., in June 2016 and of the November 2016 attack at Ohio State University by a man who drove his car into people and slashed at them with a machete. But it did not say whether the investigations into either of those attacks were connected to the two intelligence reports that provided unique information not already in the possession of the F.B.I. This program is legal due to the USA FREEDOM Act, which expires on March 15. Congress is currently debating whether to extend the authority, even though the NSA says it's not using it now.

OnDemand Webinar | Fighting Fraud With Connected Security

Data Breach Today

How to Get Started in Implementing a More Connected Security Strategy

View this webinar and learn how to fight fraud with a connected security strategy.

More Trending

Sizing Up the Roles of Behavioral Analytics, 'Zero Trust'

Data Breach Today

Security Experts Discuss Authentication Challenges in the Financial Services Sector

Improvements in behavioral biometrics and analytics are changing the way many financial services firms approach authentication.

Silence Hacking Crew threatens Australian banks of DDoS attacks

Security Affairs

DDoS extortionists are blackmailing Australian banks, asking for payments of large sums in Monero cryptocurrency and threatening DDoS attacks if they do not pay.

Experts Warn: Targeted Ransomware Attacks to Surge

Data Breach Today

McAfee and Microsoft Analysts Review 'Ransomware as a Service' Trends

Targeted ransomware attacks against enterprises and government agencies are likely to surge in the coming months as "ransomware as a service" continues to evolve into a lucrative model for cybercriminals, security experts interviewed at RSA 2020 warn.

Elastic Security Makes Case For Blending 'Human Element,' Election Security

Dark Reading

Nate Fick, general manager of Elastic and former CEO of Endgame, talks about the impact of AI and machine learning on security professionals, and what technologies can be tapped to improve security in the runup to November's election.

Security and Privacy: Often Aligned, But Sometimes Not

Data Breach Today

Few Continue to Conflate Security and Privacy, Says Attorney James Shreve

Not so long ago, many were confused about how security and privacy differ, but that has been rapidly changing, thanks to regulations such as the European Union's General Data Protection Regulation and California's Consumer Privacy Act, says attorney James Shreve, a partner at Thompson Coburn LLP.

Kr00k Wi-Fi Vulnerability Affected a Billion Devices

Dark Reading

Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung

OnDemand Webinar | How CISOs Scale Their AppSec Programs

Data Breach Today

How to Automate the Process in a CI/CD Pipeline. View this webinar and learn how to scale your AppSec program

5 Ways to Up Your Threat Management Game

Dark Reading

Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler and provide citizens in every country with the same privacy rights.

Modified Draft CCPA Regulations: How They Impact Businesses

Data Breach Today

In an in-depth interview, privacy expert Caitlin Fennessy sorts through modified draft regulations to carry out the California Consumer Privacy Act that are designed to help businesses take a more pragmatic approach to privacy

Reading Municipal Light Department, an electric utility in Massachusetts, hit by ransomware

Security Affairs

This week, the Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announced it was hit by a ransomware attack.

Reducing Security Complexity a Top Challenge for CISOs

Data Breach Today

Cisco's Jeff Reed on the Automation, Visibility and Integration Imperative

Reducing security complexity remains one of the toughest challenges facing CISOs, driven by the non-stop increase in threats, says Jeff Reed of Cisco.

Commonsense Security: Leveraging Dialogue & Collaboration for Better Decisions

Dark Reading

Sometimes, good old-fashioned tools can help an enterprise create a cost-effective risk management strategy

Sports retail giant Decathlon leaks 123 million customer and employee records

IT Governance

Decathlon, the world’s largest sporting goods retailer, has suffered a massive data breach, affecting 123 million customer and employee records. Cyber security researchers at vpnMentor found a leaky database on a publicly accessible Elasticsearch server.

Sophos Boosts Threat Hunting, Managed Detection and Response Capabilities

Dark Reading

JJ Thompson, senior director of managed threat response for Sophos, digs deep into how organizations can start to make sense of the seemingly unlimited data that's available from endpoints, cloud, and on-premises networks. And that's a critical capability as attacker behaviors start to change.

Contemplating the GDPR’s Right to Be Forgotten

InfoGoTo

Among a number of compliance challenges for organizations subject to the European Union’s data privacy regulation is the right to be forgotten, which is also referred to, perhaps misleadingly, as the right to erasure.

Tufin: How to Make Better Sense of the Cloud Security Equation

Dark Reading

CEO Reuven Harrison examines how cloud services have changed how enterprises manage their apps and data, and also offers some tips for security pros tasked with managing either hybrid- or multi-cloud implementations.

Fbot re-emerged, the backstage

Security Affairs

Mirai Fbot is back with a stronger infection speed: “Currently FBOT’s infection speed is about 100 nodes per day. Don’t trust me, trust the number,” said the researcher who figured the come-back …

Billions of Devices Open to Wi-Fi Eavesdropping Attacks

Threatpost

The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Security Affairs

Researchers from Cybaze Yoroi ZLab have spotted a new campaign exploiting the interest in coronavirus (COVID-19) evolution to spread malware. Nowadays, it is common to say that the physical world and the cyber world are strictly connected.

Emotet Resurfaces to Drive 145% of Threats in Q4 2019

Dark Reading

Analysis of 92 billion rejected emails reveals a range of simple and complex attack techniques for the last quarter of 2019

Samsung leaked data of a few UK Customers

Security Affairs

The South Korean multinational conglomerate Samsung announced that customers’ personal information was leaked online due to a “technical error”. Samsung announced that customers’ personal information was exposed online through its website due to a “technical error.” The glitch only affected the U.K.

Unpatched Security Flaws Open Connected Vacuum to Takeover

Threatpost

A connected, robotic vacuum cleaner has serious vulnerabilities that could allow remote hackers to view its video footage and launch denial of service attacks.

How to Prevent an AWS Cloud Bucket Data Leak

Dark Reading

Misconfigured AWS buckets have led to huge data breaches. Following a handful of practices will help keep you from becoming the next news story

Stalkerware Attacks Increased 50 Percent Last Year, Report

Threatpost

Research puts the emerging mobile threat—which monitors the whereabouts and device activity of device users and collects personal data—into clearer focus.