Mon. Jan 27, 2020

Russian Cybercrime Boss Burkov Pleads Guilty

Krebs on Security

Aleksei Burkov, an ultra-connected Russian hacker once described as “an asset of supreme importance” to Moscow, has pleaded guilty in a U.S.

Are Companies Adhering to CCPA Requirements?

Data Breach Today

Some Are Not Giving Customers Option to Opt out of Data Sale, Legal Experts Say

Many companies that should be offering customers the ability to "opt out" of the sale of their information under the California Consumer Privacy Act are failing to do so because of the law's ambiguities, some legal experts say. CCPA went into effect Jan. 1, but it won't be enforced until July.


Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Security Affairs

The vendor Fortinet has finally released security patches to remove the hardcoded SSH keys in Fortinet SIEM appliances. Fortinet has finally released security updates to remove the hardcoded SSH keys in Fortinet SIEM appliances.

Police Bust 3 Suspected Magecart Hackers in Indonesia

Data Breach Today

Operation Night Fury Targets JavaScript Skimming Gangs Hitting E-Commerce Sites

Police in Indonesia have arrested three suspected members of an e-commerce hacking crew that employed JavaScript sniffing code to steal customer and payment card data, as part of Interpol's ongoing anti-skimming operation, codenamed "Night Fury," targeting hackers in southeast Asia.


How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

Attacks on Citrix servers increase after the release of CVE-2019-19781 exploits

Security Affairs

Citrix has released security patches for the recently disclosed CVE-2019-19781 flaw, but the number of attacks on vulnerable systems is increasing.


More Trending

Mozilla banned hundreds of malicious Firefox add-ons over the last weeks

Security Affairs

Mozilla is intensifying the efforts to protect its users; in the last couple of weeks, the security staff has banned 200 malicious Firefox add-ons. Over the past two weeks, Mozilla has reviewed and banned 197 Firefox add-ons because they were executing malicious code.


Health Data Breach Not Reported for Seven Months

Data Breach Today

Phishing Incident Affected Nearly 200,000

A California healthcare provider took nearly seven months to report to regulators a phishing incident that exposed information on 200,000 patients. Security experts are analyzing whether the delay could be justifiable

Aggah: How to run a botnet without renting a Server (for more than a year)

Security Affairs

Experts from Yoroi-Cybaze ZLab have spotted new attack attempts directed to some Italian companies operating in the Retail sector linked to Aggah campaign. Introduction. During the last year, we constantly kept track of the Aggah campaigns.

Sen. Wyden Asks NSA About Trump Administration Device Security

Data Breach Today

Senator Voices Concerns in Light of Report That Jeff Bezos' Smartphone Was Hacked

U.S. Senator Ron Wyden, D-Ore.,

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Modern Mass Surveillance: Identify, Correlate, Discriminate

Schneier on Security

Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts (a statewide ban may follow).

US Agency Hit With N. Korean-Themed Phishing: Report

Data Breach Today

Researchers Suspect Konni APT Group Involved

A spear-phishing campaign targeted a U.S. government agency for several months last year using emails with content about North Korea geopolitics as a lure, according to an analysis from Palo Alto Networks' Unit 42

Greater Focus on Privacy Pays Off for Firms

Dark Reading

Privacy-mature companies complete sales more quickly, have fewer and less serious breaches, and recover from incidents faster, according to Cisco's annual survey


Dave DeWalt on Securing Business-Critical Applications

Data Breach Today

Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of Onapsis, a vendor focused on securing business-critical applications. In this exclusive interview, DeWalt opens up on application vulnerabilities, the evolution of the nation-state threat and technologies to watch in 2020

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Which was the most common threat to macOS devices in 2019? Shlayer malware

Security Affairs

Malware authors continue to show interest in macOS devices; Kaspersky experts confirmed that the Shlayer malware has been the most common threat to the macOS platform. Security experts from Kaspersky Lab revealed that the Shlayer malware was the most widespread macOS threat in 2019.


Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw

WIRED Threat Level

Intel's made two attempts to fix the microprocessor vulnerability it was warned about 18 months ago. Third time’s the charm?


Avast Subsidiary Sells User Browsing History

Adam Levin

A subsidiary of Avast antivirus is selling sensitive user browsing data to many companies, including Revlon, Microsoft, Google, Yelp, Condé Nast, and TripAdvisor.

Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world

Security Affairs

More details emerged from the recently disclosed Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of e-commerce. Operators of the JavaScript-sniffer family, dubbed «GetBilling» by Group-IB, were arrested in Indonesia.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

N.Y. Could Ban Cities from Paying Ransomware Attackers

Threatpost

State senators have issued proposals they say would encourage municipalities to upgrade their cyber-postures.

One Small Fix Would Curb Stingray Surveillance

WIRED Threat Level

The technology needed to limit stingrays is clear—but good luck getting telecoms on board.

How to Get the Most Out of Your Security Metrics

Dark Reading

There's an art to reporting security metrics so that they speak the language of leadership and connect the data from tools to business objectives

Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox

Threatpost

After discovering a wide pattern of potentially malicious behavior in browser extensions, the two search giants are cracking down.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Smartphone Election in Washington State

Schneier on Security

This year: King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology.


Did H&M spy on its German employees? Privacy watchdog opens an investigation

Security Affairs

A German privacy watchdog is investigating clothing retailer H&M because it was allegedly spying on its customer service representatives in Germany.

Industry 4.0 is profoundly impacting the customer experience

OpenText Information Management

In the not too distant past, companies carried out business the old-fashioned way, where paper was the norm and customers walked into brick-and-mortar buildings to obtain and buy a product or service.

IG Podcast by IGW features Andrew Ysasi talking IG Leadership

IG Guru

Andrew talks with Robert Smallwood about certifications, job development, resumes, and leadership trends IG pros should be aware of.

Average Ransomware Payments More Than Doubled in Q4 2019

Dark Reading

Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says

Mandatory IoT Security in the Offing with U.K. Proposal

Threatpost

The new U.K. law mandates that manufacturers apply several security controls to their connected devices.


Seven Years Later, Scores of EAS Systems sit Un-patched, Vulnerable

The Security Ledger

Two years after a false EAS alert about an incoming ICBM sowed terror in Hawaii, and seven years after security researchers warned about insecure, Internet connected Emergency Alert System (EAS) hardware, scores of the devices across the U.S.


The punitive approach to U.S. data privacy regulation will backfire

Information Management Resources

Designing far-reaching legislation in the current atmosphere of fear and anger – not to mention during a U.S. election year – is a mistake.