Fri.Mar 20, 2020

Coronavirus Cybercrime Victims: Please Come Forward

Data Breach Today

Businesses Asked to Report COVID-19-Themed Crime to Police As cybercriminals and nation-states take advantage of the COVID-19 pandemic to further their own aims, authorities are calling on victims to report online attacks as quickly as possible to help them better disrupt such activity

203
203

7 Elements in Modern Websites That Your Current Archiving Solution Might Be Missing

Hanzo Learning Center

Remember what websites used to look like back in the day? Compliance website collection Archiving website content Regulatory Compliance web archiving preserving website

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

How to optimize EnCase for a work-from-home workforce

OpenText Information Management

The current global situation has necessitated home-working by many millions of employees, but in the legal and law-enforcement world, there is still a requirement to investigate, respond to eDiscovery requests or maintain a secure environment with rapid incident response capabilities.

Should Location Data Be Used in Battle Against COVID-19?

Data Breach Today

US, UK, Other Nations in Talks With Tech Firms to Provide Information The Trump administration is reportedly in talks with tech companies, including Facebook and Google, to explore whether it's possible to use real-time location data from smartphones to support efforts to slow the spread of COVID-19.

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

Security Breach Disrupts Fintech Firm Finastra

Krebs on Security

Finastra , a company that provides a range of technology solutions to banks worldwide, said it was shutting down key systems in response to a security breach discovered Friday morning.

More Trending

Zxyel Flaw Powers New Mirai IoT Botnet Strain

Krebs on Security

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices.

IoT 179

Analysis: COVID-19 as a Cybercrime Opportunity

Data Breach Today

The latest edition of the ISMG Security Report analyzes how cybercriminals are exploiting the COVID-19 pandemic. Also featured: A discussion of potential 2020 election changes; tips for staying secure in a remote workplace

Dark Reading Cybersecurity Crossword Puzzle

Dark Reading

Here's a little something to snuggle up with if you're on lockdown

COVID-19 and Financial Markets: 'Unprecedented Times'

Data Breach Today

COVID-19: Modern society has never seen anything like it, and neither have financial markets. Venture capitalist Alberto Yépez analyzes the impact of the disease caused by the new coronavirus on public and private companies' valuations, as well as technology buyers and the threat environment

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

Experts warn of scanning activity conducted by Russia-linked APT28 cyberespionage group, hackers are searching for vulnerable mail servers. According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year.

Russian Hackers Relying on Compromised Accounts: Report

Data Breach Today

Group Leveraging Corporate Email Accounts, Trend Micro Researchers Say Russian state-sponsored hackers have switched their techniques, relying more on compromised corporate email accounts to send out targeted phishing emails and spam, according to the security firm Trend Micro

Security Ratings Are a Dangerous Fantasy

Dark Reading

They don't predict breaches, and they don't help people make valuable business decisions or make users any safer

Emergency Surveillance During COVID-19 Crisis

Schneier on Security

Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. I believe pressure will increase to leverage existing corporate surveillance infrastructure for these purposes in the US and other countries.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Proof of Concept Released for kr00k Wi-Fi Vulnerability

Dark Reading

The code demonstrates a relatively simple method to exploit a vulnerability in more than a billion devices

84

UK printing company Doxzoo exposed US and UK military docs

Security Affairs

UK printing company Doxzoo exposed hundreds of gigabytes of information, including documents related to the US and British military. Security experts at vpnMentor discovered 343GB worth of files belonging to the printing company Doxzoo that were exposed on an AWS server.

200M Records of US Citizens Leaked in Unprotected Database

Dark Reading

Researchers have not determined who owns the database, which was one of several large exposed instances disclosed this week

82

Weekly Update 183

Troy Hunt

Geez, where do I even begin? I honestly wasn't sure, then I could hear the kids playing in the background whilst I was setting up and per the video thought "yeah, stuff it, I'll leave that in" because as messed up as a bunch of stuff is, life goes on.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

WhatsApp Is at the Center of Coronavirus Response

WIRED Threat Level

The World Health Organization is partnering with the messaging app to help ensure trustworthy information gets out. Security Security / Security News

Covid-19 Spurs Facial Recognition Tracking, Privacy Fears

Threatpost

The coronavirus pandemic is creating a lucrative market for facial recognition manufacturers. But privacy issues need to be top of mind, tech experts warn. Government Privacy Biometrics coronavirus COVID-19 data collection Data Privacy facial recognition GDPR surveillance state

Pwn2Own 2020 – Participants hacked Adobe Reader, Oracle VirtualBox, and Windows

Security Affairs

Pwn2Own 2020 Day 2 -Participants earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader and Windows.

IT 66

Revamped HawkEye Keylogger Swoops in on Coronavirus Fears

Threatpost

Emails claiming to be directly from WHO’s Dr. Tedros Adhanom Ghebreyesus offer "drug advice" -- and malware infections.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Drupal addresses two XSS flaws by updating the CKEditor

Security Affairs

Drupal developers released security updates for versions 8.8.x and 8.7.x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates for versions 8.8.x and 8.7.x that address two XSS vulnerabilities that affect the CKEditor library.

Defying Covid-19’s Pall: Pwn2Own Goes Virtual

Threatpost

Hacking contest goes virtual with participants remotely winning $295k in prizes for taking down Adobe Reader, Safari and Ubuntu. Vulnerabilities adobe apple Fluoroacetate macOS Master of Pwn PDF PWN2OWN pwn2own 2020 Safari use after free bug windows kernel

82

Designing a doctoral program in cyber security for working professionals from researchers at Robert Morris University

IG Guru

A great research paper on the subject via this PDF. The post Designing a doctoral program in cyber security for working professionals from researchers at Robert Morris University appeared first on IG GURU.

Paper 56

How to select an Identity and Access Management system in 2020

OpenText Information Management

In a previous blog, I took a look at ‘what are Identity and Access Management solutions?’. As businesses focus on cybersecurity Identity and Access Management (IAM) software is more and more important to enable digital business.

New Mirai Variant ‘Mukashi’ Targets Zyxel NAS Devices

Threatpost

The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely compromise and control devices. Vulnerabilities brute force critical vulnerability Mirai Mirai Variant Mukashi network attached storage Palo Alto Networks Unit 42 zero-day vulnerability Zyxel

78

What is Cyber Resilience?

OpenText Information Management

In 2015, former Cisco CEO John Chambers famously wrote: “There are two types of companies: Those that have been hacked, and those that haven’t yet discovered that they’ve been hacked.” Since then, this statement has only become more accurate.

Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis

Dark Reading

In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic

53

How prepared are you for the EU MDR?

OpenText Information Management

On May 26, 2020, the EU Medical Device Regulation (MDR) exits its transition period. There are still questions about how it will operate – and the role of the EUDAMED database – but there is little sign that the EU has any intention of extending the deadline.

IT 55