Wed.Jul 29, 2020

Here’s Why Credit Card Fraud is Still a Thing

Krebs on Security

Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which is still lurching toward this goal.

Sales 193

GDPR Two Years On: Compliance Lessons Learned

Data Breach Today

Attorneys Discuss Gaps That Still Need To Be Addressed Now that it's been two years since enforcement of the European Union's General Data Protection Regulation began, three attorneys - Kelsey Finch, Jonathan Armstrong and David Dumont - reflect on the lessons learned so far and the compliance gaps that still need to be addressed.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Hackers Broke Into Real News Sites to Plant Fake Stories

WIRED Threat Level

A disinfo operation broke into the content management systems of Eastern European media outlets in a campaign to spread misinformation about NATO. Security Security / Cyberattacks and Hacks

Former Twitter Staffers Face Additional Charges

Data Breach Today

Charged in Connection With Cyberespionage for Saudi Arabia Federal prosecutors have filed a superseding indictment with additional charges against two former Twitter employees and a Saudi national who were originally charged in November.

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers.

Rapid Digitization and Risk: A Roundtable Preview

Data Breach Today

HID Global's Dean Stevenson on Strengthening Digital Channels with Advanced Authentication Suddenly, onboarding, servicing and securing digital accounts with advanced authentication techniques isn't just a priority for global enterprises; it is the priority.

Risk 160

More Trending

Navigating the Cybercrime Landscape

Data Breach Today

Global Transaction Patterns and Emerging Cybercrime Threats This report review details the anatomy of global fraud networks to better understand the global, regional and industry connections

160
160

Billions of Devices Impacted by Secure Boot Bypass

Threatpost

The "BootHole" bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT ,IoT and home networks.

Privacy Provisions Pushed for COVID-19 Relief Bill

Data Breach Today

Democratic Senators Urge Inclusion of Health Data Safeguards A group of Democratic senators is urging Senate leaders to include in the next round of coronavirus economic relief legislation provisions for protecting the privacy of COVID-19 health data

Average Cost of a Data Breach: $3.86 Million

Dark Reading

New IBM study shows that security system complexity and cloud migration can amplify breach costs

Cloud 76

GOP Proposal: $53 Million for COVID-19 Research Security

Data Breach Today

Funding Would Give CISA More Tools to Thwart Cyberespionage As part of their latest COVID-19 economic relief legislation unveiled this week, Senate Republicans are proposing to allocate about $53 million to the U.S.

BootHole issue allows installing a stealthy and persistent malware

Security Affairs

Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader issue, dubbed BootHole, that can be exploited to install a stealthy malware.

How to Spot—and Avoid—Dark Patterns on the Web

WIRED Threat Level

You've seen them before: the UX ploys designed to trick you into spending money, or make it nearly impossible to unsubscribe. Here's what to look out for. Security Security / Security Advice

IT 73

The Future's Biggest Cybercrime Threat May Already Be Here

Dark Reading

Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster

72

Critical Magento Flaws Allow Code Execution

Threatpost

Adobe has released patches for critical and important-severity flaws in its popular Magento e-commerce platform. Vulnerabilities Web Security adobe code execution critical flaw CVE-2020-9689 CVE-2020-9690 eCommerce fix magecart Magento patch security vulnerability

IT 87

'BootHole' Vulnerability Exposes Secure Boot Devices to Attack

Dark Reading

A flaw in the GRUB2 bootloader affects most Linux devices and some Windows computers using UEFI Secure Boot

Having trouble talking about privacy in 2020?

IG Guru

Information privacy has boomed with new regulation such as GDPR and CCPA, but why do organizations still struggle with privacy matters? Maybe it is time to talk about cyber security WITH privacy. Even lead with cyber security.

GDPR 60

11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event

Dark Reading

More than 130 security researchers and developers are ready to showcase their work

Facial-Recognition Flop: Face Masks Thwart Virus, Stump Security Systems

Threatpost

Algorithms clocked error rates of between 5% to 50% when comparing photos of people wearing digitally created masks with unmasked faces. Government Privacy algorithms coronavirus COVID-19 face masks facial recognition NIST

How to Decipher InfoSec Job Titles' Mysteries

Dark Reading

Figuring out which cybersecurity job you want -- or are qualified for -- can be difficult when words have no consistent meaning in the industry

Texas AG Investigates Facebook’s Use of Biometric Identifiers

Hunton Privacy

Texas Attorney General Ken Paxton is investigating Facebook Inc. Facebook”) for alleged violations of the Texas Business and Commercial Code, which contains provisions governing the collection, retention and disclosure of biometric data.

Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World

Dark Reading

Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent

IoT 58

Source Code from Microsoft, Adobe, Nintendo, and Others Leaked Online

Adam Levin

A collection of source code from companies including General Electric, Disney, Microsoft, Motorola, Qualcomm, Adobe, Nintendo and Microsoft has been aggregated and posted online. .

Security Flaws Discovered in OKCupid Dating Service

Dark Reading

Researchers identified a variety of vulnerabilities in apps and websites for the popular online dating platform

Announcing the Journey to AI Blog, the new home for IBM data and AI stories

IBM Big Data Hub

Welcome to the Journey to AI Blog , the new home for blog storytelling from across the IBM Data and AI business. Here you’ll find the latest news, client features, product launches, industry innovator spotlights and thought leadership from IBM executives

52

70,000+ WordPress Sites Affected by Critical Plug-in Flaw

Dark Reading

A vulnerability in the wpDiscuz plug-in could let attackers remotely execute code on the servers of affected websites

54

“Boothole” Bootloader Flaw Breaks Security on Most Linux, Windows Devices

The Security Ledger

A newly discovered vulnerability dubbed ‘Boothole’ compromises the foundation of device security for “virtually all Linux distributions” and some Microsoft's Windows devices that employ "Secure Boot" feature, according to a new report.

Dark Reading Video News Desk Returns to Black Hat

Dark Reading

Coming to you prerecorded from in front of carefully arranged bookcases around the world

53

Belgium: Belgian DPA imposes a EUR600,000 fine, its highest fine ever, on Google Belgium for non-compliance with right to be forgotten

DLA Piper Privacy Matters

Until recently, most decisions of the Belgian Data Protection Authority (Belgian DPA) concerned national companies or individuals.

GDPR 52

Off the Record: Cybersecurity and COVID-19

The Texas Record

By Rebecca Hanna, Anne Poulos, and Brady Cox. Tune in monthly for a curated collection of articles we found interesting on a broad range of topics, some which are directly related to records management and others which might share common themes.

Critical Bugs in Utilities VPNs Could Cause Physical Damage

Threatpost

Gear from Secomea, Moxa and HMS Networks are affected by remote code-execution flaws, researchers warn.

Level up your reporting capabilities with Jamf

Jamf on EdTech

Take your Apple IT Dashboards from 0-100 with these key takeaways from our last webinar

IT 52

Critical Security Flaw in WordPress Plugin Allows RCE

Threatpost

WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch. Vulnerabilities Web Security Comments – wpDiscuz critical flaw install patch remote code execution vulnerability wordpress Wordpress plugin

Thinking Forward: Taking the “I” Out of IT

Adapture

It’s no longer the 1990s?but but the phrase “information technology” is still stuck there. It's time to consider taking the "I" out of "IT." All technology contains/handles/processes information. The phrase “information technology” just repeats what we already know.

IT 52