Fri.Jun 07, 2019

GoldBrute Botnet Brute-Force Attacking 1.5M RDP Servers

Data Breach Today

Botnet Scanning Internet for Vulnerable Windows Machines A new botnet called GoldBrute is actively scanning the internet and using brute-force methods to attack 1.5 million Windows machines that have exposed Remote Desktop Protocol connections, according to research from Morphus Labs.

Groups 218

iOS Shortcut for Recording the Police

Schneier on Security

" Hey Siri; I'm getting pulled over " can be a shortcut: Once the shortcut is installed and configured , you just have to say, for example, "Hey Siri, I'm getting pulled over."

Video 111

Feds Charge Four in New Darkode Case

Data Breach Today

All Four Charged With Racketeering Conspiracy Federal prosecutors brought racketeering and other charges against four people, including one U.S. citizen, related to Darkode, a notorious online forum that specialized in buying and selling of malware and other hacking tools.

Tools 177

Fort Worth IT Professionals Fired for Reporting Cybersecurity Issues: What We Know

Security Affairs

In October 2017, the city of Fort Worth, Texas became the target of a phishing scam. Their accounts payable department received an email that appeared to be from Imperial Construction, a company that was doing business with the city at the time. The sender of the email, later identified as Gbenga A.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Analysis: Apple's New Single Sign-On Feature

Data Breach Today

The latest edition of the ISMG Security Report describes Apple's newly announced single sign-on function that's built with privacy in mind. Plus, a discussion of the "other" insider threat and an Infosecurity Europe conference recap

More Trending

Baltimore Ransomware Attack Costing City $18 Million

Data Breach Today

City's IT Department Continuing Recovery Work A month after Baltimore's IT network was hit with the RobbinHood ransomware variant, officials believe the May 7 attack will cost $18 million, which includes recovering and restoring computer systems as well as lost municipal revenue

Crooks stole about $10 million from GateHub cryptocurrency wallet service

Security Affairs

Cyber criminals stole 3.2 million Ripple coins (XRP), worth nearly $10 million, from the users of the GateHub cryptocurrency wallet service. A new cyber heist made the headlines, crooks stole 3.2

Tech Data Says It Has Closed Off StreamOne Data Exposure

Data Breach Today

Researchers Say Logging Server Left Online Without Authentication Tech Data says it has disabled a logging server used for its StreamOne cloud services marketplace after a data exposure. Tech Data differs with researchers over the sensitivity over what was exposed, but the logging server is offline now

New GoldBrute Botnet is attempting to infect 1.5 Million RDP Servers

Security Affairs

A new botnet tracked as GoldBrute is scanning the web for Windows machines with Remote Desktop Protocol (RDP) connection enabled. A new botnet tracked as GoldBrute has appeared in the threat landscape, it is scanning the web for Windows machines with Remote Desktop Protocol (RDP) connection enabled.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Vendor Security Risk Management: A Growing Concern

Data Breach Today

Eddie Chang, Travelers Insurance, cyber insurance, Quest Diagnostics, Optum360, breach, Labcorp, BioReference, AMCA, American Medical Collections Agency, vendor risk management, application security

Integrating Apps for Actionable Insight

OpenText Information Management

In a recent blog, I outlined how data is the oil of the business engine, and when fully integrated, it can deliver powerful insight. In a second blog I discussed how to unleash the power of combined data with a collaborative approach.

Blog 85

SandboxEscaper releases Byebear exploit to bypass patched EoP flaw

Security Affairs

SandboxEscaper publicly disclosed a second Windows zero-day exploit dubbed ByeBear to bypass a recently patched elevation of privilege issue.

Weekly Update 142

Troy Hunt

I made it to the Infosecurity hall of fame! Yesterday was an absolutely unreal experience that was enormously exciting: It was an absolute honour to induct the fantastic @troyhunt into the @Infosecurity @InfosecurityMag Hall of Fame today at #Infosec19.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

How a Google Cloud Catch-22 Broke the Internet

WIRED Threat Level

A Google Cloud outage that knocked huge portions of the internet offline also blocked access to the tools Google needed to fix it. Security Security / Security News

Tools 81

6 steps to establishing a digital workplace

Information Management Resources

Businesses intent on digital transformation are gaining that advantage by adopting a digital workplace to build cutting-edge teams. Digital transformation Data management Employee engagement Data strategy

Cryptocurrency startup Komodo hacks itself to protect its users’ funds from hackers

Security Affairs

The Cryptocurrency startup Komodo hacked itself to protect the funds of its users and avoid that hackers steal them exploiting a flaw in its Agama wallet. The story I’m going to tell you is amazing, the Cryptocurrency startup Komodo hacked itself after discovered a backdoor in its Agama wallet.

Dark Web Becomes a Haven for Targeted Hits

Dark Reading

Malware on the Dark Web is increasingly being customized to target specific organizations and executives

103
103

Critical Flaws in Amcrest HDSeries Camera Allow Complete Takeover

Threatpost

Time's up on public disclosure of six serious bugs impacting the vendor’s IPM-721S model security camera. Privacy Vulnerabilities Web Security admin credentials Amcrest HTTP request IPM-721S camera memory corruption bug

Massive Changes to Tech and Platforms, But Cybercrime? Not So Much

Dark Reading

The still-relevant recommendation is to invest more in law enforcement, concludes an economic study of cybercrime

Study 101

Making the Critical Connection between SAP and Office 365

OpenText Information Management

In today’s ever evolving business landscape, a seamless connection between front-end applications such as Microsoft Office 365 and back end system such as SAP systems is crucial to helping companies respond quickly to changing market conditions.

Vulnerability Found in Millions of Email Systems

Dark Reading

The vuln could allow remote execution of code with root privilege in more than 4.1 million systems

100
100

Forget BlueKeep: Beware the GoldBrute

Threatpost

A botnet has appeared that has attempted to brute-force 1.5 million RDP connections to Windows systems in the last few days — and counting. Malware Web Security bluekeep botnet brute force goldbrute growing activity RDP remote desktop windows connections Worm

The Minefield of Corporate Email

Dark Reading

Email security challenges CISOs as cybercriminals target corporate inboxes with malware, phishing attempts, and various forms of fraud

Friday Squid Blogging: Possible New Squid Species

Schneier on Security

NOAA video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. squid

Video 60

De-biasing language to achieve more balanced analytics

Information Management Resources

De-biasing might even make bias more dangerous by hiding it, rather than leaving it out in the open. The toughest problems are often the ones you only think you’ve solved. Artificial intelligence Machine learning Data modeling

SandboxEscaper Debuts ByeBear Windows Patch Bypass

Threatpost

SandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch. Hacks byebear bypass CVE-2019-0841 Microsoft Windows microsoft zero day sandboxescaper second exploit vulnerability

84

Using AI to find the ideal branch location

Information Management Resources

Paramount Financial Technologies says its software can help banks answer key questions about their branch networks, including when it makes sense to expand them. Community banking Branch banking Branch management Branch network Fintech Massachusetts

IT 78

Threatlist: Targeted Espionage-as-a-Service Takes Hold on the Dark Web

Threatpost

One in four underground merchants offer advanced hacking services, once reserved for APTs and well-funded organized crime gangs.

JetBlue's Eash Sundaram wins symposium's CIO Leadership Award

Information Management Resources

The Annual MIT Sloan CIO Symposium recently announced that Eash Sundaram, executive vice president and chief digital and technology officer at JetBlue, is the recipient of the prestigious honor. CIO Chief Data Officer Data strategy

News Wrap: Infosecurity Europe Highlights and BlueKeep Anxiety

Threatpost

The Threatpost editors discuss the highlights from Infosecurity Europe, which took place in London this week. IoT Podcasts Privacy Authentication blue keep Have I Been Pwned infosecurity Europe Microsoft Password password reuse Security Tap 'n Ghost

Gucci owner Kering adds digital tools to help keep up growth

Information Management Resources

Kering is equipping sales assistants with new software and using artificial intelligence to better allocate stocks in the hopes that digital tools can keep up rapid growth at brands including the red-hot Gucci label. Hardware and software Artificial intelligence Retail industry

Sales 78