Tue. Nov 06, 2018

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif.

Georgia Patches Voter Website, But Hacking Accusation Stands

Data Breach Today

Disclosure Flow Suggests Georgia's Secretary of State's Office May Have Erred. Georgia quietly fixed two flaws in its voter registration website that could have exposed personal information.

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

Security Affairs

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data.

Symantec Buys Javelin Networks and Appthority

Data Breach Today

Separately, Thoma Bravo Moves to Acquire Veracode Software From Broadcom. Symantec has announced not one but two acquisitions of private cybersecurity firms: Javelin Networks and Appthority.

IBM Watson will be used by NIST to assign CVSS scores to vulnerabilities

Security Affairs

The National Institute of Standards and Technology (NIST) is planning to use Artificial Intelligence to assign the CVSS scores to reported vulnerabilities.

Blockchain: The Good, the Bad and the Legal

Data Breach Today

'Trump' Spam Trumps All Other Spam

Data Breach Today

Love Him or Loathe Him, Surname Dominates Spam Emails, Proofpoint Finds. With the U.S. midterm elections occurring on Tuesday, the "trump" keyword remains king for spammers. "Spam campaigners understand the value of brands, and for spam as for ballots, and whether for or against, the election is all about Trump," security firm Proofpoint says.

Make sure you trust your third-party vendor

Thales eSecurity

Best Buy, Panera Bread, Target and Under Armour. What do each of these companies have in common? They each suffered a data breach at the hands of a third-party vendor.

State of the Authentication Landscape

Data Breach Today

As we approach 2019, is it realistic to think the end of our dependency on traditional user names and passwords is in sight? Shane Weeden, an authentication expert with IBM Security, discusses the future of authentication and why he's encouraged by the FIDO2 initiative.

How the General Data Protection Regulation (GDPR) Helps Improve RIM Policies and Processes

InfoGoTo

A good incentive to update and strengthen your organization’s records and information management (RIM) policies is the looming threat of fines upwards of 20 million euros, courtesy of the European Union’s General Data Protection Regulation (GDPR), which became effective on May 25, 2018.

Managing Third-Party Risk in the Age of Ransomware

Data Breach Today

As ransomware and other cyberattacks continue to proliferate, organizations must improve vendor risk management so they have a plan in place in case a business associate falls victim, says Mitch Parker, CISO of Indiana University Health System, who will speak at ISMG's Healthcare Security Summit in New York.

What’s the difference between business continuity and disaster recovery?

IT Governance

Disasters happen, whether it’s a cyber attack, flood, power outage, road closure or any other type of disruption. And when it strikes, your organisation needs to be ready to implement its business continuity and disaster recovery plans.

Apache Struts users have to update FileUpload library to fix years-old flaws

Security Affairs

Apache Struts users have to update the Commons FileUpload library in Struts 2, which is affected by two vulnerabilities. Apache Struts developers have addressed two vulnerabilities in the Commons FileUpload library in Struts 2; the flaws can be exploited for remote code execution and denial-of-service (DoS) attacks. “Apache today released an advisory, urging users who run Apache Struts 2.3.x to update the commons-fileupload component [1]. Struts 2.3.x uses by default the old 1.3.2

Cryptojacking: Hackers Mining Bitcoin on Your Dime!

InfoGoTo

When cryptojacking, criminal hackers use enterprise computers to mine cryptocurrencies like bitcoin without the organization’s knowledge or consent, escaping the upfront costs of buying computers or computer processing power for the job. Meanwhile, the organization suffers productivity loss and infections of hardware and software. Affected organizations lose some of their return on investment in the electricity running those machines, too.

Facebook Blocks Handful of Accounts on Eve of Election

Adam Levin

Facebook announced in a blog post on November 5th that it blocked 115 accounts on its platforms after being informed by law enforcement that they may have been “engaged in coordinated inauthentic behavior.”

Top 10 SIEM Products

eSecurity Planet

We review and compare 10 SIEM products that can help you manage your overall IT security from a single tool.

Midterm Elections 2018: All the Hoaxes and Viral Misinformation

WIRED Threat Level

WIRED is looking out for the biggest stories, the most common hoaxes, and the likeliest sources of confusion as they emerge throughout the day.

4 steps to make business intelligence teams more relevant

Information Management Resources

To enable business intelligence teams to move up the value chain from providing commodity reports to business driving analytics, organizations should add these four components.

Collecting Information from the Web: Practical Business Uses and Who’s Doing It

Connotate

Automating the process of collecting information from the web is a technique that allows companies – large and small – to extract unstructured content from a website or web page into a cleanly structured format.

5 best practices for third-party data risk management

Information Management Resources

Recent events leading to overshared data, breached data, operational failures and other incidents have prompted many businesses to re-evaluate how they approach third-party risk management.

Why the CISSP Remains Relevant to Cybersecurity After 28 Years

Dark Reading

The venerable Certified Information Systems Security Professional certification has been around for a very long time -- and for good reason

How to Enable IoT Security and Protect Your Data From Weak Links

InfoGoTo

A casino was recently hacked via an IoT device (a thermometer) in its lobby fish tank. When hackers can co-opt a database of high rollers at a casino by fishing out data through the aquarium thermometer, it’s time to secure your IoT security loose ends. But where does one start? Know what devices you have. IoT devices often enter the enterprise without IT support or setup, so understanding how to protect yourself must start with knowing what you’re protecting yourself from.

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

Group-IB, an international company that specializes in preventing cyber attacks, and the Swiss insurance broker ASPIS SA, which owns the CryptoIns project, have developed the world’s first scoring model for assessing the cybersecurity of cryptocurrency exchanges, allowing the exchanges’ clients to insure their assets.

The Innovation Dilemma in Financial Services

Perficient Data & Analytics

Customers place a lot of value on innovation when selecting financial services products. They now identify “Innovative” as an attribute that stands out in terms of differentiation. Yet, most retail banks and credit unions struggle with innovation (as do most companies).

HSBC Data Breach Hits Online Banking Customers

Threatpost

The data breach includes names, addresses, transaction histories, account information and more.

Go-To-Market Strategy in the Clouds

Perficient Data & Analytics

I’ve embarked on a new journey with Perficient. After more than four years as part of the management consulting team, I am now responsible for launching our go-to-market (GTM) strategy for our firm’s cloud services.

How to build with IBM and MongoDB Enterprise Document Store

IBM Big Data Hub

The IBM-MongoDB partnership continues to go like gangbusters. Announced in June 2018, our first version of MongoDB Enterprise Advanced is now giving way to our second version.

Governance in Healthcare: Information Assists Consumer Experience

Perficient Data & Analytics

Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed

Threatpost

Firmware updates won't address the problem, so admins need to take other action.

Organizations seek greater insights from mobile data analytics

Information Management Resources

The rise in mobile computing has also led to an increase in mobile data analytics, as organizations look to gain more business insights at the edge of the enterprise network.

Get an IBM data science professional certificate on Coursera

IBM Big Data Hub

The swelling demand for data scientists coupled with the evident skills gap has implications for the global economy as well as the tech industry. What’s causing it, and what can be done to address it

Midterm Elections 2018: Voting Machine Meltdowns Are Normal—That’s the Problem

WIRED Threat Level

Americans watched their voting technology break down right in front of their eyes—or on social media—Tuesday, but it's too soon to tell if the problems reached historic proportions.

LEAD Technologies, Inc. Joins TWAIN Working Group as an Associate Member

Document Imaging Report

Raleigh, NC – November 6, 2018 – The TWAIN Working Group (TWG), a not-for-profit organization designed to provide and foster a universal public standard which links applications and image acquisition devices, today announced that LEAD Technologies, Inc. has joined the Group as an Associate member.