Tue. Nov 06, 2018

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif.

Georgia Patches Voter Website, But Hacking Accusation Stands

Data Breach Today

Disclosure Flow Suggests Georgia's Secretary of State's Office May Have Erred. Georgia quietly fixed two flaws in its voter registration website that could have exposed personal information.

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

Symantec Buys Javelin Networks and Appthority

Data Breach Today

Separately, Thoma Bravo Moves to Acquire Veracode Software From Broadcom. Symantec has announced not one but two acquisitions of private cybersecurity firms: Javelin Networks and Appthority.

How the General Data Protection Regulation (GDPR) Helps Improve RIM Policies and Processes

InfoGoTo

A good incentive to update and strengthen your organization’s records and information management (RIM) policies is the looming threat of fines upwards of 20 million euros, courtesy of the European Union’s General Data Protection Regulation (GDPR), which became effective on May 25, 2018.

Blockchain: The Good, the Bad and the Legal

Data Breach Today

'Trump' Spam Trumps All Other Spam

Data Breach Today

Love Him or Loathe Him, Surname Dominates Spam Emails, Proofpoint Finds. With the U.S. midterm elections occurring on Tuesday, the "trump" keyword remains king for spammers. "Spam campaigners understand the value of brands, and for spam as for ballots, and whether for or against, the election is all about Trump," security firm Proofpoint says

What’s the difference between business continuity and disaster recovery?

IT Governance

Disasters happen, whether it’s a cyber attack, flood, power outage, road closure or any other type of disruption. And when it strikes, your organisation needs to be ready to implement its business continuity and disaster recovery plans.

State of the Authentication Landscape

Data Breach Today

As we approach 2019, is it realistic to think the end of our dependency on traditional user names and passwords is in sight? Shane Weeden, an authentication expert with IBM Security, discusses the future of authentication and why he's encouraged by the FIDO2 initiative

Managing Third-Party Risk in the Age of Ransomware

Data Breach Today

As ransomware and other cyberattacks continue to proliferate, organizations must improve vendor risk management so they have a plan in place in case a business associate falls victim, says Mitch Parker, CISO of Indiana University Health System, who will speak at ISMG's Healthcare Security Summit in New York

Facebook Blocks Handful of Accounts on Eve of Election

Adam Levin

Facebook announced in a blog post on November 5th that it blocked 115 accounts on its platforms after being informed by law enforcement that they may have been “engaged in coordinated inauthentic behavior.”

Cryptojacking: Hackers Mining Bitcoin on Your Dime!

InfoGoTo

When cryptojacking, criminal hackers use enterprise computers to mine cryptocurrencies like bitcoin without the organization’s knowledge or consent, escaping the upfront costs of buying computers or computer processing power for the job. Meanwhile, the organization suffers productivity loss and infections of hardware and software. Affected organizations lose some of their return on investment in the electricity running those machines, too.

Top 10 SIEM Products

eSecurity Planet

We review and compare 10 SIEM products that can help you manage your overall IT security from a single tool

Midterm Elections 2018: All the Hoaxes and Viral Misinformation

WIRED Threat Level

WIRED is looking out for the biggest stories, the most common hoaxes, and the likeliest sources of confusion as they emerge throughout the day.

Flaws in several self-encrypting SSDs allow attackers to decrypt data they contain

Security Affairs

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data.

4 steps to make business intelligence teams more relevant

Information Management Resources

To enable business intelligence teams to move up the value chain from providing commodity reports to business driving analytics, organizations should add these four components.

IBM Watson will be used by NIST to assign CVSS scores to vulnerabilities

Security Affairs

The National Institute of Standards and Technology (NIST) is planning to use Artificial Intelligence to assign the CVSS scores to reported vulnerabilities.

5 best practices for third-party data risk management

Information Management Resources

Recent events leading to overshared data, breached data, operational failures and other incidents have prompted many businesses to re-evaluate how they approach third-party risk management.

Why the CISSP Remains Relevant to Cybersecurity After 28 Years

Dark Reading

The venerable Certified Information Systems Security Professional certification has been around for a very long time -- and for good reason

How to Enable IoT Security and Protect Your Data From Weak Links

InfoGoTo

A casino was recently hacked via an IoT device (a thermometer) in its lobby fish tank. When hackers can co-opt a database of high rollers at a casino by fishing out data through the aquarium thermometer, it’s time to secure your IoT security loose ends. But where does one start? Know what devices you have. IoT devices often enter the enterprise without IT support or setup, so understanding how to protect yourself must start with knowing what you’re protecting yourself from.

Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed

Threatpost

Firmware updates won't address the problem, so admins need to take other action.

Midterm Elections 2018: Voting Machine Meltdowns Are Normal—That’s the Problem

WIRED Threat Level

Americans watched their voting technology break down right in front of their eyes—or on social media—Tuesday, but it's too soon to tell if the problems reached historic proportions.

HSBC Data Breach Hits Online Banking Customers

Threatpost

The data breach includes names, addresses, transaction histories, account information and more.

The Innovation Dilemma in Financial Services

Perficient Data & Analytics

Customers place a lot of value on innovation when selecting financial services products. They now identify “Innovative” as an attribute that stands out in terms of differentiation. Yet, most retail banks and credit unions struggle with innovation (as do most companies).

Apache Struts users have to update FileUpload library to fix years-old flaws

Security Affairs

Apache Struts users have to update the Commons FileUpload library in Struts 2 that is affected by two vulnerabilities. Apache Struts developers have addressed two vulnerabilities in the Commons FileUpload library in Struts 2; the flaws can be exploited for remote code execution and denial-of-service (DoS) attacks. “Apache today released an advisory, urging users who run Apache Struts 2.3.x to update the commons-fileupload component [1]. Struts 2.3.x uses by default the old 1.3.2

Go-To-Market Strategy in the Clouds

Perficient Data & Analytics

I’ve embarked on a new journey with Perficient. After more than four years as part of the management consulting team, I am now responsible for launching our go-to-market (GTM) strategy for our firm’s cloud services.

Organizations seek greater insights from mobile data analytics

Information Management Resources

The rise in mobile computing has also led to an increase in mobile data analytics, as organizations look to gain more business insights at the edge of the enterprise network.

Governance in Healthcare: Information Assists Consumer Experience

Perficient Data & Analytics

Arron Banks' firm and Leave.EU face £135k fine over data misuse

The Guardian Data Protection

Information commissioner’s report says fines levied for ‘serious breaches’ of data laws. Brexit campaign group Leave.EU and the Eldon Insurance company, owned by Arron Banks, face fines totalling £135,000 over breaches of data laws, a report from the information commissioner, Elizabeth Denham, has confirmed. The report, released on the commissioner’s website, stated that Leave.EU

Feds, Facebook Join Forces to Prevent Mid-Term Election Fraud

The Security Ledger

The U.S. government and social media firms took action to suspend bogus accounts ahead of Tuesday’s midterm elections. Federal authorities, social media companies, and the U.S.

Information Governance World Magazine Now Available!

IG Guru

The world’s first magazine covering IG topics & featuring interviews with industry leaders is here! Information Governance World magazine is now available in print and digital editions!

HSBC: Security Breach Exposes Account, Transaction Data

Dark Reading

Unauthorized users accessed HSBC accounts between Oct. 4 and 14, the bank reports in a letter to customers

How to build with IBM and MongoDB Enterprise Document Store

IBM Big Data Hub

The IBM-MongoDB partnership continues to go like gangbusters. Announced in June 2018, our first version of MongoDB Enterprise Advanced is now giving way to our second version