Fri.Apr 12, 2019

US CERT Warns of N. Korean 'Hoplight' Trojan

Data Breach Today

Hidden Cobra, Also Known as Lazarus, Appears to Be Behind the Malware U.S. CERT has issued a fresh warning about a newly discovered Trojan called Hoplight that is connected to a notorious APT group with links to North Korea.

Groups 254

APT28 and Upcoming Elections: evidence of possible interference

Security Affairs

In mid-March , a suspicious Office document referencing the Ukraine elections appeared in the wild, is it related to APT28 and upcoming elections? Introduction. In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild.

Two Romanian Nationals Convicted in 'Bayrob' Malware Case

Data Breach Today

Found Guilty in Case Involving a Massive Botnet Two Romanian nationals have been convicted by a federal jury for their roles in stealing more than $4 million from victims by creating a botnet of more than 400,000 PCs through custom-designed malware called Bayrob

184
184

Emsisoft released a free decryptor for CryptoPokemon ransomware

Security Affairs

Good news for the victims of the CryptoPokemon ransomware , security experts at Emsisoft just released a free decrypter tool. Victims of the CryptoPokemon ransomware have a good reason to smile, security experts at Emsisoft have released a free decrypter tool.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Report: Healthcare Is No. 1 - For Breaches

Data Breach Today

New Studies Analyzes Breach Trends and Offers Mitigation Advice The healthcare sector was the No. 1 target for major data breaches last year, according to a new report. And the No. 1 cause of breaches in all sectors was phishing. What can be done to prevent these incidents

More Trending

Why Companies are Replacing AV with Advanced Endpoint Protection

Data Breach Today

Learn how next-generation AV in the cloud solves a variety of common problems legacy AV users face

Cloud 179

Maliciously Tampering with Medical Imagery

Schneier on Security

In what I am sure is only a first in many similar demonstrations, researchers are able to add or remove cancer signs from CT scans. The results easily fool radiologists. I don't think the medical device industry has thought at all about data integrity and authentication issues.

WikiLeaks' Assange: A Nexus of Media, Hacking and Activism

Data Breach Today

Assange Could Still Face More Serious Charges From U.S. WikiLeaks founder Julian Assange's hacker roots and nontraditional approach to journalism may prove damaging following his arrest on Thursday. He's been charged with one count of conspiracy, but U.S. prosecutors still have time to file more serous charges pending his extradition from the U.K.

155
155

Siemens addressed several DoS flaws in many products

Security Affairs

Siemens Patch Tuesday updates for April 2019 address several serious vulnerabilities, including some DoS flaws in many industrial products. Siemens has released Patch Tuesday updates that address several serious flaws including some DoS vulnerabilities.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Another Scathing Equifax Post-Breach Report

Data Breach Today

The latest edition of the ISMG Security Report features an update on a congressional report that slams Equifax for lacking a strong cybersecurity culture. Also featured: A new study on the status of women in the cybersecurity industry and the use of Android phones as security keys

The hacker behind Matrix.org hack offers advice to improve security

Security Affairs

The hacker that hacked and defaced Matrix.org decided to disclose the security issues discovered during the attack and offers advice. This week, the hacker behind the hack of Matrix.org decided to disclose the vulnerabilities discovered during the attack.

Cybersecurity Incident Response and Managing Risk

Data Breach Today

IBM's Anup Kanti Deb Offers Insights Incident response is an ongoing process, a lifecycle that requires a risk mitigation strategy covering operational, legal and reputational risk

Risk 138

Q&A: How cutting out buzzwords could actually ease implementation of powerful security tools

The Last Watchdog

The central dilemma posed by digital transformation is this: How do companies reap the benefits of high-velocity software development without creating onerous security exposures? Related: Golden Age of cyber spying dawns. The best practices standards and protocols to pull off this delicate balancing act have been thoroughly vetted and are readily available. And there’s certainly no shortage of sophisticated technology solutions. So what’s missing?

Tools 116

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

New Version of Flame Malware Discovered

Schneier on Security

Flame was discovered in 2012, linked to Stuxnet, and believed to be American in origin. It has recently been linked to more modern malware through new analysis tools that find linkages between different software. Seems that Flame did not disappear after it was discovered, as was previously thought.

VPN apps insecurely store session cookies in memory and log files

Security Affairs

At least four VPN apps sold or made available to enterprise customers share security flaws, warns the Carnegie Mellon University CERT Coordination Center (CERT/CC). Virtual private networks (VPNs) are affordable, easy to use, and a vital component in your system. Along with many security features, it ensure the user’s privacy and security.

Weekly Update 134

Troy Hunt

That's the second update in a row I've done on time! It's also another one with a bunch of other things in common with last week, namely commentary on yet more data breaches. It's not just the breaches in HIBP, but the ones I'm busily trying to disclose.

Malware campaign uses multiple propagation methods, including EternalBlue

Security Affairs

Hackers are using the EternalBlue exploit and leveraging advantage of Living off the Land ( LotL ) obfuscated PowerShell-based scripts to deliver malware and a Monero cryptocurrency. Security experts at Trend Micro have uncovered a malware campaign that is targeting Asian entities using the EternalBlue exploit and leveraging advantage of Living off the Land (LotL) obfuscated PowerShell-based scripts to deliver malware and a Monero cryptocurrency.

Money can’t buy happiness — or job satisfaction

DXC Technology

Happiness in a job depends on a combination of factors, including whether the position fits with your skill set and interests, how it meets your expectations (and how you’re meeting the organization’s expectations), the salary and perks, growth potential, culture, and relevance to the enterprise’s core strategic mission. It’s a very individual thing. There are […]. Career Digital Transformation Workplace Glassdoor tech jobs

Why Are Documents Redacted?

Record Nations

Redaction, sometimes called sanitization or data anonymization, is the process of removing confidential or sensitive information from a document to protect that information.

Friday Squid Blogging: Detecting Illegal Squid Fishing with Satellite Imagery

Schneier on Security

Interesting. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. squid

Blog 61

8 'SOC-as-a-Service' Offerings

Dark Reading

These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations

Cloud 87

Top 3 themes: winning use cases in data science and AI

IBM Big Data Hub

I am working on a project that requires a lot of research on how people are using artificial intelligence (AI) and machine learning (ML) in real-world business cases.

US-CERT, CISA Warn of Vuln in at Least 4 Major VPNs

Dark Reading

VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies

North Korea’s Hidden Cobra Strikes U.S. Targets with HOPLIGHT

Threatpost

The custom malware is a spy tool and can also disrupt processes at U.S. assets. Government Malware active attacks apt Businesses Hidden Cobra hoplight Lazarus Group Malware analysis North Korea US government

Tools 84

Firms, employees hold different views on data ethics, ownership

Information Management Resources

IT leaders and employees differ on data ethics and ownership and the root causes of insider breaches, according to a report by security vendor Egress. Corporate ethics Data strategy Data management

CERT, CISA Warn of Vuln in at Least 4 Major VPNs

Dark Reading

VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies

WordPress Yellow Pencil Plugin Flaws Actively Exploited

Threatpost

Yet another Wordpress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered. Vulnerabilities Web Security Exploit patch software vulnerability wordpress Wordpress plugin Yellow Pencil Visual Theme Customizer zero day

DXC Technology Named Micro Focus ADM Collaboration Partner of the Year

Micro Focus

Micro Focus Partners are a key part of our ability to be successful in the market. One example of that is our newly announced Micro Focus Partner Program that has just been rated by CRN’s Partner Program Guide evaluation as a 5-Star winner. Via our program, partners like DXC have an opportunity to generate more. View Article. Application Delivery and Testing Company Culture Corporate ALM Application Delivery Business Partners Micro Focus Business Partner

ThreatList: Tax Scammers Launch a Raft of Fake Mobile Apps

Threatpost

Convincing phishing pages and millions of suspicious apps are plaguing tax season. Government Mobile Security Most Recent ThreatLists Privacy Web Security fake mobile app h&r block last minute tax prep Phishing RiskIQ Scams Tax day

Cloudy with a Chance of Security Breach

Dark Reading

Businesses must be aware of the security weaknesses of the public cloud and not assume that every angle is covered

Cloud 74

ICRM Releases Spring 2019 Newsletter

IG Guru

The post ICRM Releases Spring 2019 Newsletter appeared first on IG GURU. ICRM IG GURU IG News Information Governance Records Management Risk News Sponsored 2019 CRA CRM Newsletter Spring