Fri.Nov 15, 2019

New JavaScript Skimmer Found on Ecommerce Sites

Data Breach Today

Visa Security Researchers Say 'Pipka' Is Good at Avoiding Detection Security researchers at Visa have uncovered a new type of JavaScript skimmer that has infected the online checkout pages for at least 17 ecommerce websites in an effort to steal payment card data.

TPM-Fail Attacks Against Cryptographic Coprocessors

Schneier on Security

Really interesting research: TPM-FAIL: TPM meets Timing and Lattice Attacks , by Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger.

7 Takeaways: Insider Breach at Twitter

Data Breach Today

Bribing Employees Easier Than Hacking Silicon Valley, Security Experts Say Why try to hack Silicon Valley firms if you can buy off their employees instead?

Two men arrested for stealing $550,000 in cryptocurrency with Sim Swapping

Security Affairs

On Thursday, US authorities arrested two crooks charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping. American law enforcement has declared war to sim swapping scammers and announced the arrest of two individuals for stealing $550,000 in Cryptocurrency.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Phishing Campaigns Spoof Government Agencies: Report

Data Breach Today

Proofpoint Research Points to More Sophisticated Techniques A newly discovered hacking group is using an array of sophisticated spoofing and social engineering techniques to imitate government agencies, including the U.S.

More Trending

Roger Stone Found Guilty on All 7 Counts

Data Breach Today

Case Stems From Mueller's Investigation of Russian Election Interference Roger J. Stone, Jr.,

173
173

DDoS-for-Hire Services operator sentenced to 13 months in prison

Security Affairs

Sergiy P. , the administrator of DDoS-for-hire services was sentenced to 13 months in prison, and additional three years of supervised release. Sergiy P.

Risky Dialing: Trump Call Raises Security Worries

Data Breach Today

Experts Say Call Between Trump and Ambassador Could Have Been Intercepted A phone call between President Donald Trump and one of his key ambassadors in Ukraine at the time has raised concerns it could have been intercepted by Russian spies.

The Australian Parliament was hacked earlier this year

Security Affairs

The computer network of Australian Parliament was hacked earlier this year, and hackers exfiltrated data from the computers of several elected officials.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Analysis: Instagram's Major Problem With Minors' Data

Data Breach Today

The latest edition of the ISMG Security Report offers an in-depth analysis of whether Instagram is doing enough to protect the contact information of minors. Plus: Compliance updates on GDPR and PCI DSS

GDPR 158

New TA2101 threat actor poses as government agencies to distribute malware

Security Affairs

A new threat actor tracked as TA2101 is conducting malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy.

Update: More Alerts About Medical Device Security Flaws

Data Breach Today

Latest Advisories a Reminder of Legacy Product Risks Several recent advisories from federal regulators concerning newly identified vulnerabilities in certain medical devices serve as the latest reminders of the risk management challenges involved

Risk 151

146 New Vulnerabilities All Come Preinstalled on Android Phones

WIRED Threat Level

The dozens of flaws across 29 Android smartphone makers show just how insecure the devices can be, even brand-new. Security Security / Security News

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

DOJ: Pair Used SIM Swapping Scam to Steal Cryptocurrency

Data Breach Today

Two Men Targeted 10 Executives Who Had Cryptocurrency Connections A pair of Massachusetts men allegedly ran a years-long scheme that used SIM swapping and other hacking techniques to target executives in order to steal more than $550,000 worth of cryptocurrency, the U.S.

151
151

Did you know? AMC Monthly Newsletter

Micro Focus

It may be getting colder out there, but things are warming up in the world of Application Modernization & Connectivity and our November newsletter has all the news about events, webinars, and more. Take in a TechTip We are pleased to announce three more additions to our TechTip Webinar series.

IT 78

Documentation Theory for Information Governance

ARMA International

This article is part of a collaboration between ARMA and AIEF and is included in Information Management Magazine, ARMA-AIEF Special Edition , which will be available for download in November. A printed version of the special issue will be available as well, for a nominal fee.

The Evidence That Links Russia’s Most Brazen Hacking Efforts

WIRED Threat Level

From the 2017 French election to the Olympics to NotPetya, the same group's fingerprints have appeared again and again. Security Security / National Security

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Illegal Booter Connected with DDoSes Sentenced to Prison, Fine

Dark Reading

The Illinois-based man operated a criminal service that launched millions of DDoS attacks and brought in hundreds of thousands of dollars

83

Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers

Threatpost

The copycat sites are using valid certificates to be more convincing. Web Security copycat sites Fraud holiday shopping Let's Encrypt Phishing retail tls valid certificates

Soft Skills: 6 Nontechnical Traits CISOs Need to Succeed

Dark Reading

Degrees, certifications, and experience are all important to career development, but mastering the people side of the equation may matter a whole lot more, CISOs say

82

Stealthy Malware Flies Under AV Radar with Advanced Obfuscation

Threatpost

A threat campaign active since January customizes long-used droppers to infect victim machines and lift credentials and other data from browsers, according to Cisco Talos.

DevSecOps: The Answer to the Cloud Security Skills Gap

Dark Reading

There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap

Cloud 82

James Clapper: Lessons Learned in a Post-Snowden World

Threatpost

Former national intelligence director James Clapper discusses lessons learned from the 2013 Snowden leak as well as the top cyberthreats that the U.S. is currently facing. Government Hacks Privacy data leak Edward Snowden Enfuse insider threat James Clapper NSA

Attackers' Costs Increasing as Businesses Focus on Security

Dark Reading

Based on penetration tests and vulnerability assessments, attackers' costs to compromise a company's network increases significantly when security is continuously tested, a report finds

Steps to Take for Preventing Hipaa Violations

Record Nations

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that provides minimum requirements for protecting certain health information. For anyone who handles medical records or works with patient data, an understanding of the basic HIPAA requirements is crucial.

Black Hat Europe Brings A Bevy of IoT Security Insights

Dark Reading

Attend this London event next month for the latest on how security researchers are finding (and solving) security vulnerabilities in all of your favorite Internet-connected devices

IoT 80

146 New Android Bugs, an Audio Porn Streaming Site, and More News

WIRED Threat Level

Catch up on the most important news from today in two minutes or less. Security Security / Cyberattacks and Hacks

12 Tips for Dealing with a Manipulative Security Manager

Dark Reading

Don't let yourself be stuck in an unhealthy work environment with a toxic manager who takes advantage of your talent

#DevDay: Where modernization meets realization

Micro Focus

Introduction to the Micro Focus #DevDay 2020 series #DevDay has been running for more than five years and across more than 50 locations. So what’s new for 2020? Paula Barker, Field Marketing Manager for Application Modernization, gives us a sneak preview.

Government of Nunavut returns to paper records after ransomware attack

IG Guru

Another unfortunate case of a ransomware attack on a municipality. Read more here and how they may end up paying the ransom. The post Government of Nunavut returns to paper records after ransomware attack appeared first on IG GURU.

Paper 52