August, 2018

Q&A: How your typing and screen swiping nuances can verify your identity

The Last Watchdog

The recent data breaches at Timehop and Macy’s are the latest harbingers of what’s in store for companies that fail to vigorously guard access to all of their mission-critical systems. Related podcast: Why identities are the new firewall. A common thread to just about every deep network breach these days is the failure of the victimized entity to effectively deploy multi-factor authentication (MFA) to at least make it harder for threat actors to access their sensitive systems.

Creating a Holistic View: Data Consolidation and Integration

Perficient Data & Analytics

The consolidation of data and integration of systems is essential to providing a holistic 360-degree view of patients and members. This view can enable a variety of activities to enhance and drive efficiency in business and clinical activities, such as increasing patient safety and the quality of care healthcare delivery organizations provide to patients. One organization that understands the challenges associated with bringing data together across a large number of hospitals is Mayo Clinic.

Data 88

T-Mobile Database Breach Exposes 2 Million Customers' Data

Data Breach Today

Attacker Wants to Sell Stolen Data, Security Researcher Warns T-Mobile has suffered a breach that may have exposed personal data for 2.3 million of its 77 million customers, and one security researcher says the hacker appears to be keen to sell the stolen data

Data 207

FBI Warns of ‘Unlimited’ ATM Cashout Blitz

Krebs on Security

Seven Data Security Challenges You Must Meet to Comply with GDPR

Thales Data Security

The enactment of the European Union’s General Data Protection Regulation (GDPR) is a significant milestone for virtually every international business. Under the standard, organizations need to comply withan extensive set of requirements—or potentially face significant fines for failing to do so.

List of data breaches and cyber attacks August 2018 – 215,000,000 records leaked

IT Governance

As we end the near of August, it’s time to tally up the month’s breaches. The volume of breaches is actually rather low in comparison to recent months; however the number of leaked records is a staggering 215,009,428.

Here’s how anyone with $20 can hire an IoT botnet to blast out a week-long DDoS attack

The Last Watchdog

Distributed denial of service (DDoS) attacks continue to erupt all across the Internet showing not the faintest hint of leveling off, much less declining, any time soon. Related video: How DDoS attacks leverage the Internet’s DNA. To the contrary, DDoS attacks appear to be scaling up and getting more sophisticated in lock step with digital transformation; DDoS attacks today are larger, more varied and come at the targeted website from so many more vectors than ever before.

IoT 197

More Trending

FBI Warns Of Pending Large Scale ATM Cashout Strike

Data Breach Today

Attack May Pivot On A Data Breach At 'Unknown Card Issuer' Agency Says The FBI warns that cybercriminals are planning a large-scale operation aimed at emptying ATMs, a type of attack that has caused swift and costly losses for financial institutions.

Hanging Up on Mobile in the Name of Security

Krebs on Security

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies.

Six steps to improve your file classification- Part 1

TAB OnRecord

When it comes to effectively managing files, a functional classification system is the most efficient way to go. Whether you need to build a functional classification system from scratch or overhaul an existing system, this resource shows you how.

Reconciling vulnerability responses within FIPS 140 security certifications

Thales Data Security

In this blog, I will present a new and efficient approach to reconciling security vulnerabilities and FIPS 140 security certifications, led by Thales eSecurity in collaboration with NIST/CMVP and FIPS 140 evaluation laboratories.

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores.

Mining 174

Backdoors in Cisco Routers

Schneier on Security

We don't know if this is error or deliberate action, but five backdoors have been discovered already this year. backdoors cisco hardware


Russian Trolls 'Spread Vaccine Misinformation' Online

Data Breach Today

Bots and Trolls Account for Majority of Vaccine Tweets, Researchers Find Public health alert: Russian trolls have been spreading "polarized and anti-vaccine" misinformation via social media in a manner that appears designed to undercut trust in vaccines, researchers warn.


Fiserv Flaw Exposed Customer Data at Hundreds of Banks

Krebs on Security

Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned. Brookfield, Wisc.-based

Data 204

Six ways to optimize your physical records

TAB OnRecord

Physical records are necessary for day-to-day business operations, risk management and as evidence of regulatory compliance. With paper production up 180% in the past five years, and collections growing, it’s more important than ever to organize, manage and access files as efficiently as possible.

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

WIRED Threat Level

Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world. Security Backchannel

Trend Micro takes multi-pronged approach to narrowing the gaping cybersecurity skills gap

The Last Watchdog

Remember the old adage, you can never be too thin or too rich? The software development world has its own take on that dictum—you can never be too fast. Related: Gamification training targets iGens. Business demand dictates a frenetic pace for delivering new and better technology. To perfect the process, more organizations are taking a DevOps approach—melding software development and software operations simultaneously.

Trends 164

Three of My Books Are Available in DRM-Free E-Book Format

Schneier on Security

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month , the bundles are all Wiley titles, including three of my books: Applied Cryptography , Secrets and Lies , and Cryptography Engineering. $15 15 gets you everything, and they're all DRM-free.

Atlanta's Reported Ransomware Bill: Up to $17 Million

Data Breach Today

Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning

Krebs on Security

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive : The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug.

Android mobile devices from 11 vendors are exposed to AT Commands attacks

Security Affairs

A group of researchers has conducted an interesting study on AT commands attacks on modern Android devices discovering that models of 11 vendors are at risk.

Paper 85

How to Stop Google From Tracking Your Location

WIRED Threat Level

A new report shows that Google still tracks your location even if you thought you opted out. Security

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. Google’s Chrome web browser commands a 60% market share. So the search giant has been leading the push to get 100% of websites to jettison HTTP and replace it with HTTPS.

Six steps to improve your file classification- Part 2

TAB OnRecord

In this two-part post we share six steps you can take to improve your current file classification process. In part one we shared insights about where to begin your classification project, and strategies for effectively subdividing your files.

Microsoft Uncovers Fresh Russian Attack Infrastructure

Data Breach Today

Fancy Bear' Mimics Domains for US Senate, International Republican Institute With the U.S.

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe.

Future Cyberwar

Schneier on Security

A report for the Center for Strategic and International Studies looks at surprise and war. One of the report's cyberwar scenarios is particularly compelling.

Digital Darwinism – Three Transformational Tactics to Consider


Digital transformation can mean different things to different organizations. For some, it might mean simply getting rid of paper. But in these competitive times organizations need to look further.

MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police?

The Last Watchdog

If there is a data breach or some other cybersecurity incident, a phishing attack was probably involved. Over 90 percent of incidents begin with a phishing email. One of the more infamous hacks in recent years, the DNC data breach , was the result of a phishing attack. Related: Carpet bombing of phishing emails endures. Phishing is the number one way organizations are breached, Aaron Higbee, CTO and co-founder of Cofense, told me at Black Hat USA 2018 in Las Vegas.

Pwned Passwords, Now As NTLM Hashes!

Troy Hunt

I'm still pretty amazed at how much traction Pwned Passwords has gotten this year. A few months ago, I wrote about Pwned Passwords in Practice which demonstrates a whole heap of great use cases where they've been used in registration, password reset and login flows.

Threat Intelligence: Beyond Indicators of Compromise

Data Breach Today

Trustwave's Brian Hussey on Creating True, Actionable Intel Too many organizations leverage advanced threat intelligence merely to detect indicators of compromise. But Brian Hussey of Trustwave wants to help them mine actionable threat intelligence to truly bolster enterprise defenses

Mining 192

Florida Man Arrested in SIM Swap Conspiracy

Krebs on Security

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims.

USBHarpoon a look-like charging cable that can hack into your computer

Security Affairs

A team of security experts has devised a rogue USB charging cable named USBHarpoon that can be used to compromise a computer in just a few seconds. The team was composed of Olaf Tan and Dennis Goh of RFID Research Group , Vincent Yiu of SYON Security , and the popular Kevin Mitnick.

Video 83

CIA Network Exposed Through Insecure Communications System

Schneier on Security

Interesting story of a CIA intelligence network in China that was exposed partly because of a computer-security failure: Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated.

MY TAKE: The back story on the convergence, continuing evolution of endpoint security

The Last Watchdog

No one in cybersecurity refers to “antivirus” protection any more. The technology that corrals malicious software circulating through desktop PCs, laptops and mobile devices has evolved into a multi-layered security technology referred to as ‘endpoint security.’. This designation change unfolded a few years back.

The Explosive-Carrying Drones in Venezuela Won’t Be the Last

WIRED Threat Level

There's still no good defense against drones attacks like the one that targeted Venezuelan president Nicolas Maduro Saturday. Security