Mon.Aug 12, 2019

SEC Investigating Data Leak at First American Financial Corp.

Krebs on Security

The U.S. Securities and Exchange Commissio n (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp.

Apple Expands Bug Bounty; Raises Max Reward to $1 Million

Data Breach Today

Move Generates Praise From Security Experts Apple is opening up its bug bounty program to all researchers, increasing the rewards and expanding the scope of qualifying products in a bid to attract tips on critical software flaws.

GUEST ESSAY: Why the next round of cyber attacks could put many SMBs out of business

The Last Watchdog

In the last year, the news media has been full of stories about vicious cyber breaches on municipal governments. From Atlanta to Baltimore to school districts in Louisiana, cyber criminals have launched a wave of ransomware attacks on governments across the country. Related: SMBs struggle to mitigate cyber attacks As city governments struggle to recover access to their data, hackers are already turning their sites on their next targets: small and medium-sized businesses (SMBs).

Big Data Analytics' Role in Security

Data Breach Today

Splunk's Haiyan Song Shares Insights on Addressing Emerging Threats Big data analytics can help security professionals stay ahead of emerging challenges in a rapidly changing threat landscape, says Splunk's Haiyan Song

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Extended Validation Certificates are (Really, Really) Dead

Troy Hunt


More Trending

FBI is searching for contractors to monitor social media

Security Affairs

The FBI is searching for contractors to monitor social media for potential threats, the announcement raises concerns for user privacy. The abuse of social media passwords for malicious purpose is quite common, for this reason, the FBI is searching for contractors to monitor them.

Members of Chinese Espionage Group Develop a 'Side Business'

Data Breach Today

Evaluating the NSA's Telephony Metadata Program

Schneier on Security

Interesting analysis: " Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act's Metadata Program be Extended? " by Susan Landau and Asaf Lubin.

Unsecure Drivers Allow for Easy Windows Hacking: Report

Data Breach Today

Study Identifies 40 Certified Drivers From 20 Vendors That Open the Door to Attacks Researchers from the security firm Eclypsium have identified 40 poorly designed drivers from 20 hardware and BIOS vendors that can give attackers numerous way to hack into various versions of Windows

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

Canon DSLR Camera Infected with Ransomware Over the Air. A researcher discovered 6 flaws in the image transfer protocol used in Canon EOS 80D DSLR cameras that allow him to infect the device with ransomware over the air.

The Role of the Cloud in Updating Security

Data Breach Today

RiskIQ's Aaron Mog on the Need for a Security Rebirth The velocity of change at large corporations has made traditional IT security methods inadequate, but cloud-based solutions can play an important role, says Aaron Mog of RiskIQ

Cloud 163

Watch out, your StockX account details may be available in crime forums

Security Affairs

Researchers discovered a dump containing 6,840,339 records associated with StockX user accounts that surfaced in the cybercrime underground. Last week media reported the hack of StockX , the fashion and sneaker trading platform.

A New Credential for Healthcare Security Leaders

Data Breach Today

A new professional credential aims to help healthcare organizations bolster their security leadership bench strength, says William Brad Marsh, co-chair of a committee that developed the certification

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Recently Cloud Atlas used a new piece of polymorphic malware

Security Affairs

Cloud Atlas threat actors used a new piece of polymorphic malware in recent attacks against government organizations.

Cloud 109

How to Get Rich and Be Super Creepy

Adam Levin

If you missed the news about Russian-owned FaceApp going viral, you’ve probably been vacationing on the coast of a dust pond on the dark side of the moon. It highlights the general lack of privacy laws out there, and may herald the start of meaningful legislation.

Gamers Beware: Zero-Day in Steam Client Affects All Windows Users


An elevation-of-privilege bug allows attackers to run any program on a target machine with high privileges. Vulnerabilities Web Security felix HackerOne privilege escalation Steam steam client unpatched Valve Windows Windows registry zero day

6 Security Considerations for Wrangling IoT

Dark Reading

The Internet of Things isn't going away, so it's important to be aware of the technology's potential pitfalls

IoT 114

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Black Hat 2019 News Wrap: The Best and Worst of the Show


Threatpost breaks down the highs and lows from Black Hat 2019, from new vulnerabilities and industry collaboration to a scandal around a sponsored session.

Security Flaws Discovered in 40 Microsoft-Certified Device Drivers

Dark Reading

Attackers can use vulnerable drivers to escalate privilege and execute malicious code in every part of the system

Tips for Successful Zero-Trust Implementation


"Never trust, always verify" is a solid security concept -- but it's important to realize that putting it into practice can be complex.

IT 112

Security Pros, Congress Reps Talk National Cybersecurity at DEF CON

Dark Reading

Cybersecurity and government leaders discussed why Congress is unprepared for a major cyberattack and how the two parties can collaborate

6 ways to put your data to practical use now

Information Management Resources

Countless articles advise today's business leaders to use the data they have, and you've probably read some of them. However, many people intend to start examining data but stop short of doing it

IT 72

Researchers Show How SQLite Can Be Modified to Attack Apps

Dark Reading

New technique involves query hijacking to trigger a wide range of memory safety issues within the widely used database engine, Check Point says


5 trends that are driving cloud computing investments

Information Management Resources

The cloud has a rich history of continual improvements, and 2019 marks a time of some fairly significant ones that enhance capabilities, simplify operations and reduce costs

Cloud 72

Modern-Day SOCs: People, Process & Technology

Dark Reading

As businesses look to the future and invest in next-generation tools, here are some considerations for more effective planning


Rethinking the Value of Premium SSL Certificates



DEF CON Voting Village: It's About 'Risk'

Dark Reading

DHS, security experts worry about nation-state or other actors waging a disruptive or other attack on the 2020 election to sow distrust of the election process

Risk 111