August, 2018

Q&A: How your typing and screen swiping nuances can verify your identity

The Last Watchdog

The recent data breaches at Timehop and Macy’s are the latest harbingers of what’s in store for companies that fail to vigorously guard access to all of their mission-critical systems. Related podcast: Why identities are the new firewall. A common thread to just about every deep network breach these days is the failure of the victimized entity to effectively deploy multi-factor authentication (MFA) to at least make it harder for threat actors to access their sensitive systems.

Creating a Holistic View: Data Consolidation and Integration

Perficient Data & Analytics

The consolidation of data and integration of systems is essential to providing a holistic 360-degree view of patients and members. This view can enable a variety of activities to enhance and drive efficiency in business and clinical activities, such as increasing patient safety and the quality of care healthcare delivery organizations provide to patients. One organization that understands the challenges associated with bringing data together across a large number of hospitals is Mayo Clinic.

T-Mobile Database Breach Exposes 2 Million Customers' Data

Data Breach Today

Attacker Wants to Sell Stolen Data, Security Researcher Warns T-Mobile has suffered a breach that may have exposed personal data for 2.3 million of its 77 million customers, and one security researcher says the hacker appears to be keen to sell the stolen data

Hanging Up on Mobile in the Name of Security

Krebs on Security

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies.

Seven Data Security Challenges You Must Meet to Comply with GDPR

Thales eSecurity

The enactment of the European Union’s General Data Protection Regulation (GDPR) is a significant milestone for virtually every international business. Under the standard, organizations need to comply withan extensive set of requirements—or potentially face significant fines for failing to do so.

List of data breaches and cyber attacks August 2018 – 215,000,000 records leaked

IT Governance

As we end the near of August, it’s time to tally up the month’s breaches. The volume of breaches is actually rather low in comparison to recent months; however the number of leaked records is a staggering 215,009,428.

More Trending

Robotics in Healthcare – Beam Me Up or Be Gone?

Perficient Data & Analytics

When you hear the word “robot” like most, you probably begin thinking of a fictional, sci-fi movie – Star Wars; Short Circuit; I, Robot, etc., rarely would you think healthcare. Given the recent uptick in the use of robotics within the health sector, this could soon change. Robotics is not a foreign concept to the healthcare industry. In fact, the use of robots was introduced to the world of medicine back in the 1980’s.

Trends 116

FBI Warns Of Pending Large Scale ATM Cashout Strike

Data Breach Today

Attack May Pivot On A Data Breach At 'Unknown Card Issuer' Agency Says The FBI warns that cybercriminals are planning a large-scale operation aimed at emptying ATMs, a type of attack that has caused swift and costly losses for financial institutions.

FBI Warns of ‘Unlimited’ ATM Cashout Blitz

Krebs on Security

Reconciling vulnerability responses within FIPS 140 security certifications

Thales eSecurity

In this blog, I will present a new and efficient approach to reconciling security vulnerabilities and FIPS 140 security certifications, led by Thales eSecurity in collaboration with NIST/CMVP and FIPS 140 evaluation laboratories.

Backdoors in Cisco Routers

Schneier on Security

We don't know if this is error or deliberate action, but five backdoors have been discovered already this year. backdoors cisco hardware


Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores.

Mining 175

Android mobile devices from 11 vendors are exposed to AT Commands attacks

Security Affairs

A group of researchers has conducted an interesting study on AT commands attacks on modern Android devices discovering that models of 11 vendors are at risk.

Paper 91

Russian Trolls 'Spread Vaccine Misinformation' Online

Data Breach Today

Bots and Trolls Account for Majority of Vaccine Tweets, Researchers Find Public health alert: Russian trolls have been spreading "polarized and anti-vaccine" misinformation via social media in a manner that appears designed to undercut trust in vaccines, researchers warn.


Florida Man Arrested in SIM Swap Conspiracy

Krebs on Security

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims.

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

WIRED Threat Level

Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world. Security Backchannel

Three of My Books Are Available in DRM-Free E-Book Format

Schneier on Security

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month , the bundles are all Wiley titles, including three of my books: Applied Cryptography , Secrets and Lies , and Cryptography Engineering. $15 15 gets you everything, and they're all DRM-free.

Trend Micro takes multi-pronged approach to narrowing the gaping cybersecurity skills gap

The Last Watchdog

Remember the old adage, you can never be too thin or too rich? The software development world has its own take on that dictum—you can never be too fast. Related: Gamification training targets iGens. Business demand dictates a frenetic pace for delivering new and better technology. To perfect the process, more organizations are taking a DevOps approach—melding software development and software operations simultaneously.

Trends 171

Do you have a data breach response plan?

IT Governance

The EU GDPR (General Data Protection Regulation) requires organisations to respond to serious data breaches within 72 hours of detection.

Atlanta's Reported Ransomware Bill: Up to $17 Million

Data Breach Today

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe.

How to Stop Google From Tracking Your Location

WIRED Threat Level

A new report shows that Google still tracks your location even if you thought you opted out. Security

Future Cyberwar

Schneier on Security

A report for the Center for Strategic and International Studies looks at surprise and war. One of the report's cyberwar scenarios is particularly compelling.

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. Google’s Chrome web browser commands a 60% market share. So the search giant has been leading the push to get 100% of websites to jettison HTTP and replace it with HTTPS.

Australia banned Huawei from 5G network due to security concerns

Security Affairs

Chinese-owned telecommunications firm Huawei has been banned from Australia’s 5G network due to security concerns. The Australian government considers risky the involvement of Huawei for the rolling out of next-generation 5G communication networks.

Microsoft Uncovers Fresh Russian Attack Infrastructure

Data Breach Today

Fancy Bear' Mimics Domains for US Senate, International Republican Institute With the U.S.

Fiserv Flaw Exposed Customer Data at Hundreds of Banks

Krebs on Security

Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned. Brookfield, Wisc.-based

Groups 207

Digital Darwinism – Three Transformational Tactics to Consider


Digital transformation can mean different things to different organizations. For some, it might mean simply getting rid of paper. But in these competitive times organizations need to look further.

CIA Network Exposed Through Insecure Communications System

Schneier on Security

Interesting story of a CIA intelligence network in China that was exposed partly because of a computer-security failure: Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated.

MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police?

The Last Watchdog

If there is a data breach or some other cybersecurity incident, a phishing attack was probably involved. Over 90 percent of incidents begin with a phishing email. One of the more infamous hacks in recent years, the DNC data breach , was the result of a phishing attack. Related: Carpet bombing of phishing emails endures. Phishing is the number one way organizations are breached, Aaron Higbee, CTO and co-founder of Cofense, told me at Black Hat USA 2018 in Las Vegas.

USBHarpoon a look-like charging cable that can hack into your computer

Security Affairs

A team of security experts has devised a rogue USB charging cable named USBHarpoon that can be used to compromise a computer in just a few seconds. The team was composed of Olaf Tan and Dennis Goh of RFID Research Group , Vincent Yiu of SYON Security , and the popular Kevin Mitnick.

Video 83

Threat Intelligence: Beyond Indicators of Compromise

Data Breach Today

Trustwave's Brian Hussey on Creating True, Actionable Intel Too many organizations leverage advanced threat intelligence merely to detect indicators of compromise. But Brian Hussey of Trustwave wants to help them mine actionable threat intelligence to truly bolster enterprise defenses

Mining 191

Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning

Krebs on Security

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive : The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug.

Pwned Passwords, Now As NTLM Hashes!

Troy Hunt

I'm still pretty amazed at how much traction Pwned Passwords has gotten this year. A few months ago, I wrote about Pwned Passwords in Practice which demonstrates a whole heap of great use cases where they've been used in registration, password reset and login flows.