August, 2018

Q&A: How your typing and screen swiping nuances can verify your identity

The Last Watchdog

The recent data breaches at Timehop and Macy’s are the latest harbingers of what’s in store for companies that fail to vigorously guard access to all of their mission-critical systems. Related podcast: Why identities are the new firewall. A common thread to just about every deep network breach these days is the failure of the victimized entity to effectively deploy multi-factor authentication (MFA) to at least make it harder for threat actors to access their sensitive systems.

Creating a Holistic View: Data Consolidation and Integration

Perficient Data & Analytics

The consolidation of data and integration of systems is essential to providing a holistic 360-degree view of patients and members. This view can enable a variety of activities to enhance and drive efficiency in business and clinical activities, such as increasing patient safety and the quality of care healthcare delivery organizations provide to patients. One organization that understands the challenges associated with bringing data together across a large number of hospitals is Mayo Clinic.

T-Mobile Database Breach Exposes 2 Million Customers' Data

Data Breach Today

Attacker Wants to Sell Stolen Data, Security Researcher Warns. T-Mobile has suffered a breach that may have exposed personal data for 2.3 million of its 77 million customers, and one security researcher says the hacker appears to be keen to sell the stolen data.

Hanging Up on Mobile in the Name of Security

Krebs on Security

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies.


List of data breaches and cyber attacks August 2018 – 215,000,000 records leaked

IT Governance

As we near the end of August, it’s time to tally up the month’s breaches. The volume of breaches is actually rather low in comparison to recent months; however, the number of leaked records is a staggering 215,009,428.


Here’s how anyone with $20 can hire an IoT botnet to blast out a week-long DDoS attack

The Last Watchdog

Distributed denial of service (DDoS) attacks continue to erupt all across the Internet showing not the faintest hint of leveling off, much less declining, any time soon. Related video: How DDoS attacks leverage the Internet’s DNA. To the contrary, DDoS attacks appear to be scaling up and getting more sophisticated in lock step with digital transformation; DDoS attacks today are larger, more varied and come at the targeted website from so many more vectors than ever before.


Robotics in Healthcare – Beam Me Up or Be Gone?

Perficient Data & Analytics

When you hear the word “robot” like most, you probably begin thinking of a fictional, sci-fi movie – Star Wars; Short Circuit; I, Robot, etc., rarely would you think healthcare. Given the recent uptick in the use of robotics within the health sector, this could soon change. Robotics is not a foreign concept to the healthcare industry. In fact, the use of robots was introduced to the world of medicine back in the 1980’s.


FBI Warns Of Pending Large Scale ATM Cashout Strike

Data Breach Today

Attack May Pivot On A Data Breach At 'Unknown Card Issuer,' Agency Says. The FBI warns that cybercriminals are planning a large-scale operation aimed at emptying ATMs, a type of attack that has caused swift and costly losses for financial institutions.

FBI Warns of ‘Unlimited’ ATM Cashout Blitz

Krebs on Security


Backdoors in Cisco Routers

Schneier on Security

We don't know if this is error or deliberate action, but five backdoors have been discovered already this year.


Android mobile devices from 11 vendors are exposed to AT Commands attacks

Security Affairs

A group of researchers has conducted an interesting study on AT commands attacks on modern Android devices discovering that models of 11 vendors are at risk.


Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores.


Do you have a data breach response plan?

IT Governance

The EU GDPR (General Data Protection Regulation) requires organisations to respond to serious data breaches within 72 hours of detection.


Russian Trolls 'Spread Vaccine Misinformation' Online

Data Breach Today

Bots and Trolls Account for Majority of Vaccine Tweets, Researchers Find. Public health alert: Russian trolls have been spreading "polarized and anti-vaccine" misinformation via social media in a manner that appears designed to undercut trust in vaccines, researchers warn.


Florida Man Arrested in SIM Swap Conspiracy

Krebs on Security

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims.

Three of My Books Are Available in DRM-Free E-Book Format

Schneier on Security

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month, the bundles are all Wiley titles, including three of my books: Applied Cryptography, Secrets and Lies, and Cryptography Engineering. $15 gets you everything, and they're all DRM-free.

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

WIRED Threat Level

Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world.

Trend Micro takes multi-pronged approach to narrowing the gaping cybersecurity skills gap

The Last Watchdog

Remember the old adage, you can never be too thin or too rich? The software development world has its own take on that dictum—you can never be too fast. Related: Gamification training targets iGens. Business demand dictates a frenetic pace for delivering new and better technology. To perfect the process, more organizations are taking a DevOps approach—melding software development and software operations simultaneously.


Essential security – Cyber Essentials and its five controls

IT Governance

Most criminal hackers aren’t state-sponsored agencies or activists looking for high-profile targets, and they don’t spend countless hours staking out and researching their targets. Instead, they’re more opportunistic, looking for poorly-protected targets.

Atlanta's Reported Ransomware Bill: Up to $17 Million

Data Breach Today

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe.

Pwned Passwords, Now As NTLM Hashes!

Troy Hunt

I'm still pretty amazed at how much traction Pwned Passwords has gotten this year. A few months ago, I wrote about Pwned Passwords in Practice which demonstrates a whole heap of great use cases where they've been used in registration, password reset and login flows.

Future Cyberwar

Schneier on Security

A report for the Center for Strategic and International Studies looks at surprise and war. One of the report's cyberwar scenarios is particularly compelling.

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. Google’s Chrome web browser commands a 60% market share. So the search giant has been leading the push to get 100% of websites to jettison HTTP and replace it with HTTPS.

USBHarpoon a look-like charging cable that can hack into your computer

Security Affairs

A team of security experts has devised a rogue USB charging cable named USBHarpoon that can be used to compromise a computer in just a few seconds. The team was composed of Olaf Tan and Dennis Goh of RFID Research Group, Vincent Yiu of SYON Security, and the popular Kevin Mitnick.


Microsoft Uncovers Fresh Russian Attack Infrastructure

Data Breach Today

'Fancy Bear' Mimics Domains for US Senate, International Republican Institute. With the U.S.

Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning

Krebs on Security

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug.

The Explosive-Carrying Drones in Venezuela Won’t Be the Last

WIRED Threat Level

There's still no good defense against drone attacks like the one that targeted Venezuelan president Nicolas Maduro Saturday.

2018 Run to Home Base – Another Home Run

Daymark

Thanks to All on Team Daymark. For the 9th straight year, Daymark employees, their families and clients supported “Run to Home Base,” an annual event committed to helping veterans suffering from mental trauma and brain injuries. It’s an inspiring event that Daymark employees are fully committed to.

MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police?

The Last Watchdog

If there is a data breach or some other cybersecurity incident, a phishing attack was probably involved. Over 90 percent of incidents begin with a phishing email. One of the more infamous hacks in recent years, the DNC data breach, was the result of a phishing attack. Related: Carpet bombing of phishing emails endures. Phishing is the number one way organizations are breached, Aaron Higbee, CTO and co-founder of Cofense, told me at Black Hat USA 2018 in Las Vegas.

Australia banned Huawei from 5G network due to security concerns

Security Affairs

Chinese-owned telecommunications firm Huawei has been banned from Australia’s 5G network due to security concerns. The Australian government considers risky the involvement of Huawei for the rolling out of next-generation 5G communication networks.