Thu. Jul 18, 2019

Authentication and the Have I Been Pwned API

Troy Hunt

The very first feature I added to Have I Been Pwned after I launched it back in December 2013 was the public API.

Identity Theft on the Job Market

Schneier on Security

Identity theft is getting more subtle: "My job application was withdrawn by someone pretending to be me": When Mr Fearn applied for a job at the company he didn't hear back. He said the recruitment team said they'd get back to him by Friday, but they never did.

CVE-2019-6342 flaw allows hackers to fully compromise Drupal 8.7.4 websites

Security Affairs

Drupal developers urge users to update their installs to version 8.7.5, which addresses the CVE-2019-6342 flaw that allows hackers to take control of Drupal 8 sites. Drupal developers informed users that version 8.7.4

The FaceApp Privacy Panic, a Mysterious Satellite Outage, and More News

WIRED Threat Level

Catch up on the most important news from today in two minutes or less.

Experts spotted a rare Linux Desktop spyware dubbed EvilGnome

Security Affairs

Experts at Intezer discovered a new backdoor, dubbed EvilGnome, that is targeting Linux systems for cyber espionage purposes. Intezer spotted a new piece of Linux malware, dubbed EvilGnome because it disguises itself as a Gnome extension.

More Trending

Scraping the TOR for rare contents

Security Affairs

Cyber security expert Marco Ramilli explains the difficulties of scraping the ‘TOR networks’ and how to enumerate hidden services with scrapers. Scraping the “TOR hidden world” is quite a complex topic.

Europe’s Galileo Satellite Outage Serves as a Warning

WIRED Threat Level

The dramatic EU Galileo incident underscores the threat of satellite timing and navigation system failures.

The Problem With the Small Business Cybersecurity Assistance Act

Security Affairs

The Small Business Cybersecurity Assistance Act may provide business owners with access to government-level tools to secure small businesses against attacks. Perhaps the best approach to rampant malware, ransomware and cybercrime is stronger cooperation between the public and private sectors.

8 Legit Tools and Utilities That Cybercriminals Commonly Misuse

Dark Reading

Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Slack resetting passwords for roughly 1% of its users

Security Affairs

Slack is resetting passwords for accounts belonging to users that have not secured them after the data breach suffered by the company in 2015.

Slack Initiates Mass Password Reset

Threatpost

More victims of a 2015 credential-harvesting incident have come to light.

Experts detailed new StrongPity cyberespionage campaigns

Security Affairs

Experts at AT&T’s Alien Labs recently discovered an ongoing campaign conducted by the StrongPity threat actor that abuses malicious WinBox installers to infect victims.

Mirai Botnet Sees Big 2019 Growth, Shifts Focus to Enterprises

Threatpost

Mirai activity has nearly doubled between the first quarter of 2018 and the first quarter of 2019.

EDW in the Cloud TCO

Perficient Data & Analytics

In 2016, when I did my first in-depth comparison, the resulting TCOs were usually very close. Usually, the OpEx was slightly higher for the cloud TCO versus the on-prem TCO, which required substantial capital investment. However, our most recent estimate was eye-opening to our client.

Google Triples Some Bug Bounty Payouts

Threatpost

Google is announcing much higher bug bounty payouts for Chrome, Chrome OS and Google Play.

How to deliver a scalable AI pilot in just 8 weeks

IBM Big Data Hub

In business, aspiring to world-class is not enough when your competitors are already there. About half of the companies listed on the S&P 500 will be replaced over the next 10 years. Compared to the past, what’s unique about the disruption happening today is the rapid pace of change.

Ke3chang APT Linked to Previously Undocumented Backdoor

Threatpost

The cyberspy group's activities are broader than originally thought.

Calculating the Value of Security

Dark Reading

What will it take to align staff and budget to protect the organization

Security Watch: Elon Musk’s NeuraLink Links Brains to iPhones via Bluetooth

Threatpost

Directly linking thoughts to a phone via Bluetooth -- what could go wrong?

How Capture the Flag Competitions Strengthen the Cybersecurity Workforce

Dark Reading

These competitions challenge participants with problems involving digital forensics, cryptography, binary analysis, web security, and many other fields

FaceApp row: UK watchdog monitoring privacy concerns

The Guardian Data Protection

Information Commissioner’s Office says people should check how apps use their data. The Information Commissioner’s Office (ICO) is considering allegations that FaceApp, the face-ageing photo app that has gone viral, is misusing personal data. “We

RDP Bug Takes New Approach to Host Compromise

Dark Reading

Researchers show how simply connecting to a rogue machine can silently compromise the host

Why is robotic process automation disappointing healthcare organizations?

DXC Technology

By Michael Brouthers. All healthcare organizations — on both the provider and payer side — struggle with three operational imperatives: maximizing revenues and operating margins, improving clinical outcomes, and optimizing administrative efficiency.

BitPaymer Ransomware Operators Wage Custom, Targeted Attacks

Dark Reading

A new framework is allowing the threat group to compile variants of the malware for each victim, Morphisec says

Thinking Like a Millennial: How Millennials are Changing Discovery, Part Five

eDiscovery Daily

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems. He has also been a great addition to our webinar program, participating with me on several recent webinars.

Open Source Hacking Tool Grows Up

Dark Reading

Koadic toolkit gets upgrades - and a little love from nation-state hackers

20 July Plot and Operation Valkyrie

Unwritten Record

This Saturday will be the 75th anniversary of the failed plot to assassinate Adolf Hitler and implement Operation Valkyrie by German military leaders.

Security Lessons From a New Programming Language

Dark Reading

A security professional needed a secure language for IoT development. So he wrote his own, applying learned lessons about memory and resources in the process

DocPoint Solutions Wins 2019 Nintex Partner Award for Business Excellence

Document Imaging Report

Fulton, Md. July 17, 2019— DocPoint Solutions, Inc.

79% of US Consumers Fear Webcams Are Watching

Dark Reading

Widespread privacy concerns have caused 60% of people to cover their laptop webcams - some in creative ways - survey data shows