Tue. Jun 11, 2019

Unsecured Database Leaves 8.4 TB of Email Metadata Exposed

Data Breach Today

Shanghai Jiao Tong University Has Since Locked-Down Elasticsearch Server
A security researcher found an unsecured database belonging to the Shanghai Jiao Tong University in China that contained 8.4 TB of email metadata.

Radiohead Dropped 18 Hours of Unreleased Music to Screw Pirates

WIRED Threat Level

You can listen to the _OK Computer_–era tracks right here.

US Border License Plate and Traveler Photos Exposed

Data Breach Today

Hack Attack Victim May Be Contractor Perceptics; Stolen Data Spotted on Dark Web
License plate and traveler photos collected at the U.S. border have been compromised after a federal government subcontractor was hacked.

A Top Voting-Machine Firm Is Finally Taking Security Seriously

WIRED Threat Level

The long-awaited shift from paperless ballots could make elections more secure.

Contact Center Cloud Migration Done Right

Speaker: Sheila McGee-Smith, Founder and Principal Analyst, McGee-Smith Analytics

Many companies are in the midst of migrating their contact center to the cloud. Understanding how best to execute the transition from premises to cloud is part of that process. Join contact center industry analyst and No Jitter blogger Sheila McGee-Smith as she discusses tried-and-true best practices for avoiding the potential pitfalls of CX migration.

No Invitation Required: Hackers Can Phish Evite Users

Data Breach Today

Social-Planning Website Says Pre-2014 User Database Has Been Stolen
Online invitation site Evite has been hacked and information on an unspecified number of users stolen.

More Trending

UK Man Sentenced for 2015 TalkTalk Hack

Data Breach Today

22-Year-Old Also Attacked His Former School
The fallout from the 2015 TalkTalk hack continues as a 22-year-old U.K. man was sentenced to jail Monday for his role in the attack and other cybercrimes, including an attack against his former school

Think you’re not susceptible to phishing? Think again

IT Governance

A version of this blog was originally published on 8 January 2018. On average, one in ten emails is a phishing scam. With all that experience, you’d think we’d be pretty good at spotting malicious messages by now. According to a PhishMe survey, many of us think that’s the case.

Boosting Secure Coding Practices

Data Breach Today

Carlos Pero of Zurich Insurance on Gaining Buy-In
Carlos Pero, who heads cyber application security at Zurich Insurance, discusses how to get developers to buy in to secure coding practices

Radiohead Gets ‘Hacked,’ a T-Mobile/Sprint Hiccup, and More News

WIRED Threat Level

Catch up on the most important news from today in two minutes or less.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

The Shifting Sands of Financial Fraud

Data Breach Today

Trace Fooshee of Aite Group on the Top Emerging Trends
What are the top trends shaping the rising tide of financial fraud in 2019, and what can security professionals expect in the months and years to come? Trace Fooshee of Aite Group discusses changes in the fraud landscape

Linux Command-Line Editors Vulnerable to High-Severity Bug

Threatpost

A bug impacting editors Vim and Neovim could allow a trojan code to escape sandbox mitigations.
Tags: Hacks Vulnerabilities Command-Line Editor CVE-2019-12735 Linux Neovim poc Trojan Vim vulnerability

What Stands Out in Proposed Premera Lawsuit Settlement?

Data Breach Today

What stands out most about a proposed $74 million settlement of a class action lawsuit against Premera Blue Cross in the wake of a 2014 data breach? Technology attorney Steven Teppler offers insights in this interview

What 3 Powerful GoT Women Teach Us about Cybersecurity

Dark Reading

Imagine Game of Thrones' Daenerys Targaryen, Arya Stark, and Cersei Lannister on the front lines in the real-world battleground of enterprise security

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Google Calendar Attacks Target Unwitting Mobile Users

Threatpost

Automatic invite notifications are spreading malicious links.
Tags: Mobile Security Web Security attack vector automatic calendar notifications calendar phishing google calendar attack Kaspersky malicious links mobile users phishing campaign

Vulnerability in WordPress Live Chat Plugin allows to steal and hijack sessions

Security Affairs

Security researchers at Alert Logic have discovered a vulnerability in the WordPress Live Chat plugin that could be exploited to steal and hijack sessions.

FBI Warns of Dangers in 'Safe' Websites

Dark Reading

Criminals are using TLS certificates to convince users that fraudulent sites are worthy of their trust

Microsoft Patches Four Publicly-Known Vulnerabilities

Threatpost

In total, 88 unique vulnerabilities were patched as part of Microsoft’s June Patch Tuesday security bulletin.
Tags: Vulnerabilities Web Security elevation of privilege june patch tuesday Microsoft microsoft patch tuesday patch tuesday Publicly Know Vulnerabilities Windows Windows Shell

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw

Dark Reading

In vulnerability disclosure programs, organizations are paying more in total for XSS issues than any other vulnerability type, HackerOne says

Troy Hunt Looks to Sell Have I Been Pwned

Threatpost

"Project Svalbard" has commenced, as Hunt looks for the right company to take over the password-focused service.
Tags: Breach Cloud Security Privacy Web Security Credential stuffing have i been pwnd looking for a buyer m&a Passwords project svalbard sale Troy Hunt

Getting Up to Speed on Magecart

Dark Reading

Greater awareness of how Magecart works will give your company a leg up on the growing threat from this online credit card skimmer. Here are four places to start

Critical Adobe Flash, ColdFusion Vulnerabilities Patched

Threatpost

Adobe issued patches for 11 vulnerabilities overall across its Flash, ColdFusion and Campaign products.
Tags: Vulnerabilities Web Security adobe Adobe Campaign Adobe ColdFusion adobe flash arbitrary code execution Critical flaws june patch update patch tuesday vulnerability

Customs and Border Protection (CBP) confirms hack of a subcontractor

Security Affairs

Customs and Border Protection (CBP) revealed that photos of travelers and license plates collected at a single U.S. border point have been stolen by hackers.

Rocket.Build 2019: Taking on deep-data discovery

Rocket Software

Information technology is rising from the ashes of its greatest revolution; a war between data and platform. And by nearly all counts, the winner is clear: data has won. Here in Boston, Rocket Software is enjoying our sixth, and biggest Rocket.Build hackathon event.

'Have I Been Pwned' Is Up for Sale

Dark Reading

Troy Hunt, who has been running HIBP solo for six years, launched "Project Svalbard" so the site can evolve with more resources, funding, and support

Near-Ubiquitous Critical Microsoft RCE Bugs Affect All Versions of Windows

Threatpost

The two CVEs allow bypasses to get around NTLM relay attack mitigations.
Tags: Vulnerabilities Active Directory bypass mitigations critical vulnerability CVE-2019-1019 CVE-2019-1040 june patch tuesday Microsoft Windows ntlm relay attack remote code execution

Workshop on the Economics of Information Security

Schneier on Security

Last week, I hosted the eighteenth Workshop on the Economics of Information Security at Harvard. Ross Anderson liveblogged the talks.
Tags: conferences economicsofsecurity securityconferences

Microsoft Issues Fixes for 88 Vulnerabilities

Dark Reading

Four of the flaws are publicly known but none have been listed as under active attack

Resourceful Records Managers

The Schedule

Finally… an installment of resourceful records managers! This time we are featuring Holly Dolan, Denton County – Records Management Officer! If you want to be featured, please fill out the form here. (Photo coming soon!) What led you to choose your current career in Records Management? Like so many records managers, I kind of fell into it! In my last semester of grad school I began searching for job options that would leverage my information and data management skills.

How Ursnif Evolves to Keep Threatening Italy

Security Affairs

For months, Italian users have been targeted by waves of malspam delivering infamous Ursnif variants; Yoroi-Cybaze ZLab detailed its evolution.

Data Breach Exposes 100K U.S. Traveler Photos, License Plates

Threatpost

A recent breach of U.S. Customs and Border Protection traveler photo and license plate data has led experts to condemn the collection and storage of facial recognition data.