Fri.Jun 07, 2019

GoldBrute Botnet Brute-Force Attacking 1.5M RDP Servers

Data Breach Today

Botnet Scanning Internet for Vulnerable Windows Machines A new botnet called GoldBrute is actively scanning the internet and using brute-force methods to attack 1.5 million Windows machines that have exposed Remote Desktop Protocol connections, according to research from Morphus Labs.

Groups 209

iOS Shortcut for Recording the Police

Schneier on Security

" Hey Siri; I'm getting pulled over " can be a shortcut: Once the shortcut is installed and configured , you just have to say, for example, "Hey Siri, I'm getting pulled over."

Video 110

Feds Charge Four in New Darkode Case

Data Breach Today

All Four Charged With Racketeering Conspiracy Federal prosecutors brought racketeering and other charges against four people, including one U.S. citizen, related to Darkode, a notorious online forum that specialized in buying and selling of malware and other hacking tools.

Tools 168

Fort Worth IT Professionals Fired for Reporting Cybersecurity Issues: What We Know

Security Affairs

In October 2017, the city of Fort Worth, Texas became the target of a phishing scam. Their accounts payable department received an email that appeared to be from Imperial Construction, a company that was doing business with the city at the time. The sender of the email, later identified as Gbenga A.

Contact Center Cloud Migration Done Right

Speaker: Sheila McGee-Smith, Founder and Principal Analyst, McGee-Smith Analytics

Many companies are in the midst of migrating their contact center to the cloud. Understanding how best to execute the transition of premises to cloud is part of that process. Join contact center industry analyst and No Jitter blogger Sheila McGee-Smith as she discussed tried and true best practices for avoiding the potential pitfalls of CX migration.

Analysis: Apple's New Single Sign-On Feature

Data Breach Today

The latest edition of the ISMG Security Report describes Apple's newly announced single sign-on function that's built with privacy in mind. Plus, a discussion of the "other" insider threat and an Infosecurity Europe conference recap

More Trending

Tech Data Says It Has Closed Off StreamOne Data Exposure

Data Breach Today

Researchers Say Logging Server Left Online Without Authentication Tech Data says it has disabled a logging server used for its StreamOne cloud services marketplace after a data exposure. Tech Data differs with researchers over the sensitivity over what was exposed, but the logging server is offline now

How a Google Cloud Catch-22 Broke the Internet

WIRED Threat Level

A Google Cloud outage that knocked huge portions of the internet offline also blocked access to the tools Google needed to fix it. Security Security / Security News

Tools 86

Baltimore Ransomware Attack Costing City $18 Million

Data Breach Today

City's IT Department Continuing Recovery Work A month after Baltimore's IT network was hit with the RobbinHood ransomware variant, officials believe the May 7 attack will cost $18 million, which includes recovering and restoring computer systems as well as lost municipal revenue

Integrating Apps for Actionable Insight

OpenText Information Management

In a recent blog, I outlined how data is the oil of the business engine, and when fully integrated, it can deliver powerful insight. In a second blog I discussed how to unleash the power of combined data with a collaborative approach.

Blog 86

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Vendor Security Risk Management: A Growing Concern

Data Breach Today

Eddie Chang, Travelers Insurance, cyber insurance, Quest Diagnostics, Optum360, breach, Labcorp, BioReference, AMCA, American Medical Collections Agency, vendor risk management, application security

Weekly Update 142

Troy Hunt

I made it to the Infosecurity hall of fame! Yesterday was an absolutely unreal experience that was enormously exciting: It was an absolute honour to induct the fantastic @troyhunt into the @Infosecurity @InfosecurityMag Hall of Fame today at #Infosec19.

Crooks stole about $10 million from GateHub cryptocurrency wallet service

Security Affairs

Cyber criminals stole 3.2 million Ripple coins (XRP), worth nearly $10 million, from the users of the GateHub cryptocurrency wallet service. A new cyber heist made the headlines, crooks stole 3.2

Dark Web Becomes a Haven for Targeted Hits

Dark Reading

Malware on the Dark Web is increasingly being customized to target specific organizations and executives

112
112

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Critical Flaws in Amcrest HDSeries Camera Allow Complete Takeover

Threatpost

Time's up on public disclosure of six serious bugs impacting the vendor’s IPM-721S model security camera. Privacy Vulnerabilities Web Security admin credentials Amcrest HTTP request IPM-721S camera memory corruption bug

Massive Changes to Tech and Platforms, But Cybercrime? Not So Much

Dark Reading

The still-relevant recommendation is to invest more in law enforcement, concludes an economic study of cybercrime

Study 110

SandboxEscaper releases Byebear exploit to bypass patched EoP flaw

Security Affairs

SandboxEscaper publicly disclosed a second Windows zero-day exploit dubbed ByeBear to bypass a recently patched elevation of privilege issue.

The Minefield of Corporate Email

Dark Reading

Email security challenges CISOs as cybercriminals target corporate inboxes with malware, phishing attempts, and various forms of fraud

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Forget BlueKeep: Beware the GoldBrute

Threatpost

A botnet has appeared that has attempted to brute-force 1.5 million RDP connections to Windows systems in the last few days — and counting. Malware Web Security bluekeep botnet brute force goldbrute growing activity RDP remote desktop windows connections Worm

Vulnerability Found in Millions of Email Systems

Dark Reading

The vuln could allow remote execution of code with root privilege in more than 4.1 million systems

108
108

Millions of data workers face inefficiencies as data complexity grows

Information Management Resources

Approximately 54 million data workers around the world face common challenges associated with the complexity, diversity and scale of their organizations’ data, and nearly half of their work time is wasted, says a new study. Analytics Data management Data strategy

Study 70

SandboxEscaper Debuts ByeBear Windows Patch Bypass

Threatpost

SandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch. Hacks byebear bypass CVE-2019-0841 Microsoft Windows microsoft zero day sandboxescaper second exploit vulnerability

100
100

Making the Critical Connection between SAP and Office 365

OpenText Information Management

In today’s ever evolving business landscape, a seamless connection between front-end applications such as Microsoft Office 365 and back end system such as SAP systems is crucial to helping companies respond quickly to changing market conditions.

Threatlist: Targeted Espionage-as-a-Service Takes Hold on the Dark Web

Threatpost

One in four underground merchants offer advanced hacking services, once reserved for APTs and well-funded organized crime gangs.

Cryptocurrency startup Komodo hacks itself to protect its users’ funds from hackers

Security Affairs

The Cryptocurrency startup Komodo hacked itself to protect the funds of its users and avoid that hackers steal them exploiting a flaw in its Agama wallet. The story I’m going to tell you is amazing, the Cryptocurrency startup Komodo hacked itself after discovered a backdoor in its Agama wallet.

The internet will always be there for you. Or not.

DXC Technology

Digital transformation as we know it would be impossible without the internet. This global network of connected computers and devices enables us to access information, resources, and services, to transact business, to communicate and collaborate in real time from anywhere in the world, to entertain and educate ourselves, and more. Without the internet, everyone would […]. Networks Public Sector Smart Cities Technology, Media & Entertainment, Telecommunications broadband internet

News Wrap: Infosecurity Europe Highlights and BlueKeep Anxiety

Threatpost

The Threatpost editors discuss the highlights from Infosecurity Europe, which took place in London this week. IoT Podcasts Privacy Authentication blue keep Have I Been Pwned infosecurity Europe Microsoft Password password reuse Security Tap 'n Ghost

Friday Squid Blogging: Possible New Squid Species

Schneier on Security

NOAA video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. squid

Video 59

Learn the Latest Hacking Techniques at Black Hat Trainings Virginia

Dark Reading

At Black Hat's upcoming Trainings-only October event you'll have opportunities to get up to speed on the newest hacking tricks for operating systems and cloud providers

Troy Hunt: ‘Messy’ Password Problem Isn’t Getting Better

Threatpost

Poor password hygiene continues to plague the security industry, Troy Hunt said during Infosecurity Europe. Breach Web Security Authentication Have I Been Pwned infosecurity Europe Password password reuse Security Troy Hunt

De-biasing language to achieve more balanced analytics

Information Management Resources

De-biasing might even make bias more dangerous by hiding it, rather than leaving it out in the open. The toughest problems are often the ones you only think you’ve solved. Artificial intelligence Machine learning Data modeling