Tue.Mar 12, 2019

Georgia County Pays $400,000 to Ransomware Attackers

Data Breach Today

Cybercrime Gang Wielding Ryuk Eyed as Culprit Officials in Jackson County, Georgia, along with the FBI are investigating a ransomware attack that crippled IT systems over a two-week period and reportedly led local officials to pay a bitcoin ransom worth $400,000 to restore systems and infrastructur

Patch Tuesday, March 2019 Edition

Krebs on Security

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer , Edge , Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on.

Tips 166

Endpoint Investigation Made Easier: Better Data. Better Decisions.

Data Breach Today

How to use endpoint data to see the full context - resulting in a faster time to decision for you. With the right data and the right context, anyone can investigate and make decisions with speed, clarity, and confidence

How To 204

MY TAKE: What the Ethiopian 737 Max 8 crash should tell us about the safety of ‘smart’ jetliners

The Last Watchdog

When news broke about the crash of a Ethiopian Airlines Boeing 737, the first question that popped into my head was whether an older 737 model, still using the flawed rudder actuator, might have been involved. Related: Historical context of the rudder flaws on older model 737s. Of course it was actually the newest iteration of the 737, the Max 8. I’m no longer covering aviation.

Course 155

President's Proposed 2020 Budget: Impact on Cybersecurity

Data Breach Today

Some Agencies Would See Steep Cuts; Others Would Get Funding for Cyber Efforts The Trump administration's proposed fiscal 2020 budget calls for substantial cuts at many non-defense agencies, but it would provide extra funding for certain cybersecurity-related efforts

Citrix Hack Exposes Customer Data

Adam Levin

Citrix, a major network software company, had its internal network compromised by what appears to be an international hacking campaign. The company was alerted to the cyberattack by the FBI earlier this month.

More Trending

Users claim Samsung Galaxy S10 Face Recognition can be bypassed

Security Affairs

The screen lock feature in the Samsung Galaxy S10 that is based on face recognition can be easily bypassed using a photo or a video of the owner.

Video 95

On Surveillance in the Workplace

Schneier on Security

Tools 92

Apex Legends for Android: a Fake App could Compromise your Smartphone

Security Affairs

Yoroi -Cybaze ZLab malware researchers have analyzed four different fake android APKs that pretend to be versions of the Apex Legends game. Introduction. At the beginning of 2019, Electronic Arts released a game for PC, XBox One and Playstation 4 named Apex Legends.

Food for thought – a visit to IBM Think 2019

Micro Focus

A global event for those moving in the twin worlds of digitalization and the mainframe, IBM Think 2019 hosted 30,000 visitors in San Francisco, CA. Que Mangus, Product Marketing Manager, found genuine synergy between the event content and the Micro Focus modernization story. Here’s the first of two blogs … There was so much to. View Article.

Vulnerability research hub Crowdfense is willing to pay $3 Million for iOS, Android zero-day exploits

Security Affairs

orld-leading vulnerability research hub Crowdfense is offering up to $3 million for full-chain, zero-day exploits for iOS and Android. Vulnerability research firm Crowdfense is offering up to $3 million for working exploits for iOS and Android zero-day.

IT 83

Data privacy is changing the relationship between you and your customers

OpenText Information Management

The capture and collection of personal data is an important requirement in order to provide the individual, customized and tailored experience that people are demanding.

Mysterious open database included ‘BreedReady’ status for 1.8 Million Women

Security Affairs

Expert found an open database in China containing the personal information of more than 1.8 million women, including a strange “BreedReady” status. Another data leak made the headlines, this time a database containing a creepy set of details collected on more than 1.8 million women in China was left unprotected online. The huge trove of data included personal info (i.e. name, age, and date of birth, phone numbers, addresses) along with a “BreedReady” status.

Citrix Breach Underscores Password Perils

Dark Reading

Attackers used a short list of passwords to knock on every digital door to find vulnerable systems in the vendor's network

CISO: The C-Level executive missing from your board

IG Guru

By a CyberFeminist Hacker, currently Regional Business Information Security Officer. The post CISO: The C-Level executive missing from your board appeared first on IG GURU. Breach Business IG News Information Governance information privacy information security Security CISO Cyber Security Executive

Guest Blog: End-to-End Data Encryption with Data Reduction from Thales & Pure Storage

Thales eSecurity

At the 2019 RSA Conference, Pure Storage and Thales introduced Vormetric Transparent Encryption for Efficient Storage – the IT and security industries’ first end-to-end data encryption framework that realizes storage array data reduction.

Why It's So Hard to Restart Venezuela's Power Grid

WIRED Threat Level

Approaching a full week, Venezuela's national power outage shows just how hard it is to restart a grid from scratch. Security

IT 67

Microsoft Patch Tuesday updates for March 2019 patches two Windows flaws exploited in targeted attacks

Security Affairs

Microsoft Patch Tuesday updates for March 2019 address 64 flaws, including two Windows zero-day vulnerabilities exploited in targeted attacks. Microsoft Patch Tuesday updates for March 2019 address 64 vulnerabilities, including two Windows zero-day flaws that have been exploited in targeted attacks.

Firefox Send Is an Easy Way to Share Large Files Securely

WIRED Threat Level

Mozilla has made public an encrypted file-sharing service with a self-destruct twist. Security

Governance in Healthcare: A Growing Need for Reference Mode

Perficient Data & Analytics

Of all the governance trends, none is more foundational and critical to the success of the governance program – indeed the organization itself – than the need for accurate, consistent, and relevant models that communicate the meaning, use, and residency of the assets of the enterprise.

Integrating Structured and Unstructured Data; Are we there already?

Everteam

“By 2022, 50% of organizations will include unstructured, semistructured and structured data within the same governance program, up from less than 10% today.” Gartner Market Guide for File Analytics.

Test principles – Data Warehouse vs Data Lake vs Data Vault

Perficient Data & Analytics

Understand Data Warehouse, Data Lake and Data Vault and their specific test principles. This blog tries to throw light on the terminologies data warehouse, data lake and data vault.

Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes

Threatpost

Microsoft won't be patching the bug, but a proof of concept shows the potential for successful malware implantation. Vulnerabilities Microsoft Proof of Concept remote code execution backdoor User Account Control user dialog box vulnerability Windows 10 Windows registry

Pulling an Uber: Customer experience in Financial Services

OpenText Information Management

Brands like Velcro and Kleenex have become so much a part of people’s lives that they are now used as universal references for all products in that category – or sometimes used as verbs, as is the case with Google.

It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job

Dark Reading

Meanwhile, organizations are looking at unconventional ways to staff up and train their workforce as technical expertise gets even harder to find

Questions to ask a document imaging provider – Part 1

TAB OnRecord

Choosing a document imaging partner isn’t an easy task. Document conversions are often large, high-profile projects, which means the stakes are high and you want to be sure you get it right. Another big challenge is knowing what to look for.

Adam Levin Discusses Misuse of Federal Databases on CBS This Morning

Adam Levin

Adam Levin was on a recent episode of CBS This Morning to discuss a police officer accused of using federal databases to prowl for women. “It’s a violation of privacy. It’s a violation of professional ethics.

IT 53

Adobe Patch Tuesday updates address critical in Photoshop, Digital Editions

Security Affairs

Adobe Patch Tuesday updates for March 2019 address critical vulnerabilities in Photoshop CC and Digital Editions products. Adobe Patch Tuesday updates for March 2019 address critical flaws in Photoshop CC and Digital Editions products. The updates address a heap overflow issue affecting the Digital Editions ebook reader software, the bug could be exploited by attackers to execute arbitrary code in the context of the current user (CVE-2019-7095).

eBook 52

Can a Stalker Story Help Cybersecurity at Your Company?

Adam Levin

Florida police officer Leonel Marines resigned after a police investigation resulted in allegations that the 12-year veteran of the Bradenton Police Department had been using police data bases like a dating app to locate potential women for fun and maybe more. Protect and Serve, meet self-service.

Social Media and the Financial Services Industry

InfoGoTo

Social media platforms have created a powerful and popular direct method of connecting with customers for sales, marketing and support purposes. At the same time, businesses have been forced to collect and make available social media content for eDiscovery and regulatory compliance.

Do You Have FOMO? You Should—If You’re Not Finding and Collecting Dynamic Web Evidence

Hanzo Learning Center

Do you have FOMO? And do you have FOMO about the right things? social media ediscovery social media collection native format online investigation dynamic web capture dynamic format dynamic web evidence static

52

The 12 Worst Serverless Security Risks

Dark Reading

A new guide from the Cloud Security Alliance offers mitigations, best practices, and a comparison between traditional applications and their serverless counterparts

Cloud 73

3 challenges facing insurers in data science implementation

Information Management Resources

Data mastery is a priority for carriers across business lines, but there are still roadblocks. Data science Data Scientist Chief Data Officer Data warehouses

Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack

Dark Reading

Seventeen vulnerabilities patches today are rated critical, four are publicly known, and two have been exploited in the wild

71