Tue. Nov 06, 2018

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif.

Georgia Patches Voter Website, But Hacking Accusation Stands

Data Breach Today

Disclosure Flow Suggests Georgia's Secretary of State's Office May Have Erred. Georgia quietly fixed two flaws in its voter registration website that could have exposed personal information.

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

Symantec Buys Javelin Networks and Appthority

Data Breach Today

Separately, Thoma Bravo Moves to Acquire Veracode Software From Broadcom. Symantec has announced not one but two acquisitions of private cybersecurity firms: Javelin Networks and Appthority.

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

Security Affairs

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data.

Blockchain: The Good, the Bad and the Legal

Data Breach Today

IBM Watson will be used by NIST to assign CVSS scores to vulnerabilities

Security Affairs

The National Institute of Standards and Technology (NIST) is planning to use Artificial Intelligence to assign the CVSS scores to reported vulnerabilities.

More Trending

What’s the difference between business continuity and disaster recovery?

IT Governance

Disasters happen, whether it’s a cyber attack, flood, power outage, road closure or any other type of disruption. And when it strikes, your organisation needs to be ready to implement its business continuity and disaster recovery plans.

State of the Authentication Landscape

Data Breach Today

As we approach 2019, is it realistic to think the end of our dependency on traditional user names and passwords is in sight? Shane Weeden, an authentication expert with IBM Security, discusses the future of authentication and why he's encouraged by the FIDO2 initiative

Managing Third-Party Risk in the Age of Ransomware

Data Breach Today

As ransomware and other cyberattacks continue to proliferate, organizations must improve vendor risk management so they have a plan in place in case a business associate falls victim, says Mitch Parker, CISO of Indiana University Health System, who will speak at ISMG's Healthcare Security Summit in New York

Make sure you trust your third-party vendor

Thales Data Security

Best Buy, Panera Bread, Target and Under Armour. What do each of these companies have in common? They each suffered a data breach at the hands of a third-party vendor.

Apache Struts users have to update FileUpload library to fix years-old flaws

Security Affairs

Apache Struts users have to update the Commons FileUpload library in Struts 2, which is affected by two vulnerabilities. Apache Struts developers have addressed two vulnerabilities in the Commons FileUpload library in Struts 2; the flaws can be exploited for remote code execution and denial-of-service (DoS) attacks. “Apache today released an advisory, urging users who run Apache Struts 2.3.x to update the commons-fileupload component [1]. Struts 2.3.x uses by default the old 1.3.2

Top 10 SIEM Products

eSecurity Planet

We review and compare 10 SIEM products that can help you manage your overall IT security from a single tool

Facebook Blocks Handful of Accounts on Eve of Election

Adam Levin

Facebook announced in a blog post on November 5th that it blocked 115 accounts on its platforms after being informed by law enforcement that they may have been “engaged in coordinated inauthentic behavior.”

How the General Data Protection Regulation (GDPR) Helps Improve RIM Policies and Processes

InfoGoTo

A good incentive to update and strengthen your organization’s records and information management (RIM) policies is the looming threat of fines upwards of 20 million euros, courtesy of the European Union’s General Data Protection Regulation (GDPR), which became effective on May 25, 2018.

Midterm Elections 2018: All the Hoaxes and Viral Misinformation

WIRED Threat Level

WIRED is looking out for the biggest stories, the most common hoaxes, and the likeliest sources of confusion as they emerge throughout the day.

Cryptojacking: Hackers Mining Bitcoin on Your Dime!

InfoGoTo

When cryptojacking, criminal hackers use enterprise computers to mine cryptocurrencies like bitcoin without the organization’s knowledge or consent, escaping the upfront costs of buying computers or computer processing power for the job. Meanwhile, the organization suffers productivity loss and infections of hardware and software. Affected organizations lose some of their return on investment in the electricity running those machines, too.

4 steps to make business intelligence teams more relevant

Information Management Resources

To enable business intelligence teams to move up the value chain from providing commodity reports to business driving analytics, organizations should add these four components.

Why the CISSP Remains Relevant to Cybersecurity After 28 Years

Dark Reading

The venerable Certified Information Systems Security Professional certification has been around for a very long time -- and for good reason

5 best practices for third-party data risk management

Information Management Resources

Recent events leading to overshared data, breached data, operational failures and other incidents have prompted many businesses to re-evaluate how they approach third-party risk management.

Midterm Elections 2018: Voting Machine Meltdowns Are Normal—That’s the Problem

WIRED Threat Level

Americans watched their voting technology break down right in front of their eyes—or on social media—Tuesday, but it's too soon to tell if the problems reached historic proportions.

HSBC Data Breach Hits Online Banking Customers

Threatpost

The data breach includes names, addresses, transaction histories, account information and more.

The Innovation Dilemma in Financial Services

Perficient Data & Analytics

Customers place a lot of value on innovation when selecting financial services products. They now identify “Innovative” as an attribute that stands out in terms of differentiation. Yet, most retail banks and credit unions struggle with innovation (as do most companies).

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

Group-IB and Swiss insurance broker ASPIS, which owns the CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Group-IB, an international company that specializes in preventing cyber attacks, and Swiss insurance broker ASPIS SA, which owns the CryptoIns project, have developed the world’s first scoring model for assessing the cybersecurity of cryptocurrency exchanges, allowing the exchanges’ clients to insure their assets.

Go-To-Market Strategy in the Clouds

Perficient Data & Analytics

I’ve embarked on a new journey with Perficient. After more than four years as part of the management consulting team, I am now responsible for launching our go-to-market (GTM) strategy for our firm’s cloud services.

How to build with IBM and MongoDB Enterprise Document Store

IBM Big Data Hub

The IBM-MongoDB partnership continues to go like gangbusters. Announced in June 2018, our first version of MongoDB Enterprise Advanced is now giving way to our second version

Governance in Healthcare: Information Assists Consumer Experience

Perficient Data & Analytics

HSBC: Security Breach Exposes Account, Transaction Data

Dark Reading

Unauthorized users accessed HSBC accounts between Oct. 4 and 14, the bank reports in a letter to customers

Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed

Threatpost

Firmware updates won't address the problem, so admins need to take other action.

Hidden Costs of IoT Vulnerabilities

Dark Reading

IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought

Arron Banks' firm and Leave.EU face £135k fine over data misuse

The Guardian Data Protection

Information commissioner’s report says fines levied for ‘serious breaches’ of data laws. Brexit campaign group Leave.EU and the Eldon Insurance company, owned by Arron Banks, face fines totalling £135,000 over breaches of data laws, a report from the information commissioner, Elizabeth Denham, has confirmed. The report, released on the commissioner’s website, stated that Leave.EU

Feds, Facebook Join Forces to Prevent Mid-Term Election Fraud

The Security Ledger

The U.S. government and social media firms took action to suspend bogus accounts ahead of Tuesday’s midterm elections. Federal authorities, social media companies, and the U.S.

Information Governance World Magazine Now Available!

IG Guru

The world’s first magazine covering IG topics & featuring interviews with industry leaders is here! Information Governance World magazine is now available in print and digital editions!

Most Businesses to Add More Cloud Security Tools

Dark Reading

Cloud adoption drives organizations to spend in 2019 as they learn traditional security practices can't keep up

Get an IBM data science professional certificate on Coursera

IBM Big Data Hub

The swelling demand for data scientists coupled with the evident skills gap has implications for the global economy as well as the tech industry. What’s causing it, and what can be done to address it

Organizations seek greater insights from mobile data analytics

Information Management Resources

The rise in mobile computing has also led to an increase in mobile data analytics, as organizations look to gain more business insights at the edge of the enterprise network.