Tue. Mar 12, 2019

Georgia County Pays $400,000 to Ransomware Attackers

Data Breach Today

Cybercrime Gang Wielding Ryuk Eyed as Culprit. Officials in Jackson County, Georgia, along with the FBI are investigating a ransomware attack that crippled IT systems over a two-week period and reportedly led local officials to pay a bitcoin ransom worth $400,000 to restore systems and infrastructur

Patch Tuesday, March 2019 Edition

Krebs on Security

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on.

Endpoint Investigation Made Easier: Better Data. Better Decisions.

Data Breach Today

How to use endpoint data to see the full context - resulting in a faster time to decision for you. With the right data and the right context, anyone can investigate and make decisions with speed, clarity, and confidence

MY TAKE: What the Ethiopian 737 Max 8 crash should tell us about the safety of ‘smart’ jetliners

The Last Watchdog

When news broke about the crash of an Ethiopian Airlines Boeing 737, the first question that popped into my head was whether an older 737 model, still using the flawed rudder actuator, might have been involved. Related: Historical context of the rudder flaws on older model 737s. Of course it was actually the newest iteration of the 737, the Max 8. I’m no longer covering aviation.

President's Proposed 2020 Budget: Impact on Cybersecurity

Data Breach Today

Some Agencies Would See Steep Cuts; Others Would Get Funding for Cyber Efforts. The Trump administration's proposed fiscal 2020 budget calls for substantial cuts at many non-defense agencies, but it would provide extra funding for certain cybersecurity-related efforts

More Trending

Users claim Samsung Galaxy S10 Face Recognition can be bypassed

Security Affairs

The screen lock feature in the Samsung Galaxy S10 that is based on face recognition can be easily bypassed using a photo or a video of the owner.

Citrix Hack Exposes Customer Data

Adam Levin

Citrix, a major network software company, had its internal network compromised by what appears to be an international hacking campaign. The company was alerted to the cyberattack by the FBI earlier this month.

Apex Legends for Android: a Fake App could Compromise your Smartphone

Security Affairs

Yoroi-Cybaze ZLab malware researchers have analyzed four different fake Android APKs that pretend to be versions of the Apex Legends game. At the beginning of 2019, Electronic Arts released a game for PC, XBox One and Playstation 4 named Apex Legends.

Integrating Structured and Unstructured Data; Are we there already?

Everteam

“By 2022, 50% of organizations will include unstructured, semistructured and structured data within the same governance program, up from less than 10% today.” Gartner Market Guide for File Analytics.

Vulnerability research hub Crowdfense is willing to pay $3 Million for iOS, Android zero-day exploits

Security Affairs

World-leading vulnerability research hub Crowdfense is offering up to $3 million for full-chain, zero-day exploits for iOS and Android. Vulnerability research firm Crowdfense is offering up to $3 million for working exploits for iOS and Android zero-day.

On Surveillance in the Workplace

Schneier on Security

Data privacy is changing the relationship between you and your customers

OpenText Information Management

The capture and collection of personal data is an important requirement in order to provide the individual, customized and tailored experience that people are demanding.

Mysterious open database included ‘BreedReady’ status for 1.8 Million Women

Security Affairs

Expert found an open database in China containing the personal information of more than 1.8 million women, including a strange “BreedReady” status. Another data leak made the headlines, this time a database containing a creepy set of details collected on more than 1.8 million women in China was left unprotected online. The huge trove of data included personal info (i.e. name, age, and date of birth, phone numbers, addresses) along with a “BreedReady” status.

Food for thought – a visit to IBM Think 2019

Micro Focus

A global event for those moving in the twin worlds of digitalization and the mainframe, IBM Think 2019 hosted 30,000 visitors in San Francisco, CA. Que Mangus, Product Marketing Manager, found genuine synergy between the event content and the Micro Focus modernization story. Here’s the first of two blogs … There was so much to.

Citrix Breach Underscores Password Perils

Dark Reading

Attackers used a short list of passwords to knock on every digital door to find vulnerable systems in the vendor's network

Firefox Send Is an Easy Way to Share Large Files Securely

WIRED Threat Level

Mozilla has made public an encrypted file-sharing service with a self-destruct twist.

CISO: The C-Level executive missing from your board

IG Guru

By a CyberFeminist Hacker, currently Regional Business Information Security Officer.

Why It's So Hard to Restart Venezuela's Power Grid

WIRED Threat Level

Approaching a full week, Venezuela's national power outage shows just how hard it is to restart a grid from scratch.

Guest Blog: End-to-End Data Encryption with Data Reduction from Thales & Pure Storage

Thales eSecurity

At the 2019 RSA Conference, Pure Storage and Thales introduced Vormetric Transparent Encryption for Efficient Storage – the IT and security industries’ first end-to-end data encryption framework that realizes storage array data reduction.

Microsoft Patch Tuesday updates for March 2019 patches two Windows flaws exploited in targeted attacks

Security Affairs

Microsoft Patch Tuesday updates for March 2019 address 64 flaws, including two Windows zero-day vulnerabilities exploited in targeted attacks. Microsoft Patch Tuesday updates for March 2019 address 64 vulnerabilities, including two Windows zero-day flaws that have been exploited in targeted attacks.

Majority of organizations still report a lack of cyber security budget

DXC Technology

Despite years of widespread data breaches and increased regulatory demands, 75 percent of respondents to a recent survey do not believe that they have an adequate information security budget. Additionally, attackers continue to successfully use compromised credentials in attacks, and while 93 percent of organizations surveyed are aware of the vulnerability and attack technique — […].

Governance in Healthcare: A Growing Need for Reference Mode

Perficient Data & Analytics

Of all the governance trends, none is more foundational and critical to the success of the governance program – indeed the organization itself – than the need for accurate, consistent, and relevant models that communicate the meaning, use, and residency of the assets of the enterprise.

It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job

Dark Reading

Meanwhile, organizations are looking at unconventional ways to staff up and train their workforce as technical expertise gets even harder to find

Test principles – Data Warehouse vs Data Lake vs Data Vault

Perficient Data & Analytics

Understand Data Warehouse, Data Lake and Data Vault and their specific test principles. This blog tries to throw light on the terminologies data warehouse, data lake and data vault.

Pulling an Uber: Customer experience in Financial Services

OpenText Information Management

Brands like Velcro and Kleenex have become so much a part of people’s lives that they are now used as universal references for all products in that category – or sometimes used as verbs, as is the case with Google.

ThreatList: Phishing Attacks Doubled in 2018

Threatpost

Scammers used both older, tested-and-true phishing tactics in 2018 - but also newer tricks, such as fresh distribution methods, according to a new report.

Questions to ask a document imaging provider – Part 1

TAB OnRecord

Choosing a document imaging partner isn’t an easy task. Document conversions are often large, high-profile projects, which means the stakes are high and you want to be sure you get it right. Another big challenge is knowing what to look for.

Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes

Threatpost

Microsoft won't be patching the bug, but a proof of concept shows the potential for successful malware implantation.

The 12 Worst Serverless Security Risks

Dark Reading

A new guide from the Cloud Security Alliance offers mitigations, best practices, and a comparison between traditional applications and their serverless counterparts

Microsoft Patches Two Win32k Bugs Under Active Attack

Threatpost

Microsoft's March Patch Tuesday updates include 64 fixes, 17 of which are rated critical.

Adobe Patch Tuesday updates address critical in Photoshop, Digital Editions

Security Affairs

Adobe Patch Tuesday updates for March 2019 address critical vulnerabilities in Photoshop CC and Digital Editions products. Adobe Patch Tuesday updates for March 2019 address critical flaws in Photoshop CC and Digital Editions products. The updates address a heap overflow issue affecting the Digital Editions ebook reader software; the bug could be exploited by attackers to execute arbitrary code in the context of the current user (CVE-2019-7095).
