August, 2018

Q&A: How your typing and screen swiping nuances can verify your identity

The Last Watchdog

The recent data breaches at Timehop and Macy’s are the latest harbingers of what’s in store for companies that fail to vigorously guard access to all of their mission-critical systems. Related podcast: Why identities are the new firewall. A common thread to just about every deep network breach these days is the failure of the victimized entity to effectively deploy multi-factor authentication (MFA) to at least make it harder for threat actors to access their sensitive systems.

Creating a Holistic View: Data Consolidation and Integration

Perficient Data & Analytics

The consolidation of data and integration of systems is essential to providing a holistic 360-degree view of patients and members. This view can enable a variety of activities to enhance and drive efficiency in business and clinical activities, such as increasing patient safety and the quality of care healthcare delivery organizations provide to patients. One organization that understands the challenges associated with bringing data together across a large number of hospitals is Mayo Clinic.

T-Mobile Database Breach Exposes 2 Million Customers' Data

Data Breach Today

Attacker Wants to Sell Stolen Data, Security Researcher Warns T-Mobile has suffered a breach that may have exposed personal data for 2.3 million of its 77 million customers, and one security researcher says the hacker appears to be keen to sell the stolen data

Hanging Up on Mobile in the Name of Security

Krebs on Security

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies.

Seven Data Security Challenges You Must Meet to Comply with GDPR

Thales Data Security

The enactment of the European Union’s General Data Protection Regulation (GDPR) is a significant milestone for virtually every international business. Under the standard, organizations need to comply withan extensive set of requirements—or potentially face significant fines for failing to do so.

List of data breaches and cyber attacks August 2018 – 215,000,000 records leaked

IT Governance

As we end the near of August, it’s time to tally up the month’s breaches. The volume of breaches is actually rather low in comparison to recent months; however the number of leaked records is a staggering 215,009,428.

More Trending

Robotics in Healthcare – Beam Me Up or Be Gone?

Perficient Data & Analytics

When you hear the word “robot” like most, you probably begin thinking of a fictional, sci-fi movie – Star Wars; Short Circuit; I, Robot, etc., rarely would you think healthcare. Given the recent uptick in the use of robotics within the health sector, this could soon change. Robotics is not a foreign concept to the healthcare industry. In fact, the use of robots was introduced to the world of medicine back in the 1980’s.

Trends 116

FBI Warns Of Pending Large Scale ATM Cashout Strike

Data Breach Today

Attack May Pivot On A Data Breach At 'Unknown Card Issuer' Agency Says The FBI warns that cybercriminals are planning a large-scale operation aimed at emptying ATMs, a type of attack that has caused swift and costly losses for financial institutions.

FBI Warns of ‘Unlimited’ ATM Cashout Blitz

Krebs on Security

Reconciling vulnerability responses within FIPS 140 security certifications

Thales Data Security

In this blog, I will present a new and efficient approach to reconciling security vulnerabilities and FIPS 140 security certifications, led by Thales eSecurity in collaboration with NIST/CMVP and FIPS 140 evaluation laboratories.

Backdoors in Cisco Routers

Schneier on Security

We don't know if this is error or deliberate action, but five backdoors have been discovered already this year. backdoors cisco hardware

93

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores.

Mining 175

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

WIRED Threat Level

Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world. Security Backchannel

Russian Trolls 'Spread Vaccine Misinformation' Online

Data Breach Today

Bots and Trolls Account for Majority of Vaccine Tweets, Researchers Find Public health alert: Russian trolls have been spreading "polarized and anti-vaccine" misinformation via social media in a manner that appears designed to undercut trust in vaccines, researchers warn.

201
201

Florida Man Arrested in SIM Swap Conspiracy

Krebs on Security

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims.

Digital Darwinism – Three Transformational Tactics to Consider

AIIM

Digital transformation can mean different things to different organizations. For some, it might mean simply getting rid of paper. But in these competitive times organizations need to look further.

Three of My Books Are Available in DRM-Free E-Book Format

Schneier on Security

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month , the bundles are all Wiley titles, including three of my books: Applied Cryptography , Secrets and Lies , and Cryptography Engineering. $15 15 gets you everything, and they're all DRM-free.

Trend Micro takes multi-pronged approach to narrowing the gaping cybersecurity skills gap

The Last Watchdog

Remember the old adage, you can never be too thin or too rich? The software development world has its own take on that dictum—you can never be too fast. Related: Gamification training targets iGens. Business demand dictates a frenetic pace for delivering new and better technology. To perfect the process, more organizations are taking a DevOps approach—melding software development and software operations simultaneously.

Trends 167

How to Stop Google From Tracking Your Location

WIRED Threat Level

A new report shows that Google still tracks your location even if you thought you opted out. Security

Atlanta's Reported Ransomware Bill: Up to $17 Million

Data Breach Today

Fiserv Flaw Exposed Customer Data at Hundreds of Banks

Krebs on Security

Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned. Brookfield, Wisc.-based

Groups 203

Top Cybersecurity Companies of 2018

eSecurity Planet

These IT security vendors lead the market through their innovative offerings, range of products and services, customer satisfaction and annual revenue

Future Cyberwar

Schneier on Security

A report for the Center for Strategic and International Studies looks at surprise and war. One of the report's cyberwar scenarios is particularly compelling.

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. Google’s Chrome web browser commands a 60% market share. So the search giant has been leading the push to get 100% of websites to jettison HTTP and replace it with HTTPS.

The Explosive-Carrying Drones in Venezuela Won’t Be the Last

WIRED Threat Level

There's still no good defense against drones attacks like the one that targeted Venezuelan president Nicolas Maduro Saturday. Security

Microsoft Uncovers Fresh Russian Attack Infrastructure

Data Breach Today

Fancy Bear' Mimics Domains for US Senate, International Republican Institute With the U.S.

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe.

A worrying trend: Attacks on Asian healthcare organizations

Thales Data Security

While it’s no surprise to anybody reading this that data breaches are on the rise, the attacks facing healthcare organizations, most recently in Asia, are particularly worrisome. One need not look very far to find examples of the threats facing these entities: In Singapore, 1.5

CIA Network Exposed Through Insecure Communications System

Schneier on Security

Interesting story of a CIA intelligence network in China that was exposed partly because of a computer-security failure: Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated.

MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police?

The Last Watchdog

If there is a data breach or some other cybersecurity incident, a phishing attack was probably involved. Over 90 percent of incidents begin with a phishing email. One of the more infamous hacks in recent years, the DNC data breach , was the result of a phishing attack. Related: Carpet bombing of phishing emails endures. Phishing is the number one way organizations are breached, Aaron Higbee, CTO and co-founder of Cofense, told me at Black Hat USA 2018 in Las Vegas.

T-Mobile Data Breach Hits 2 Million Customers

Adam Levin

Wireless company T-Mobile suffered a data breach affecting more than 2 million of its 77 million customers. The breach resulted in the compromise of names, phone numbers, email addresses, as well as general account information, but not, according to the company, financial information.

Threat Intelligence: Beyond Indicators of Compromise

Data Breach Today

Trustwave's Brian Hussey on Creating True, Actionable Intel Too many organizations leverage advanced threat intelligence merely to detect indicators of compromise. But Brian Hussey of Trustwave wants to help them mine actionable threat intelligence to truly bolster enterprise defenses

Mining 192

Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning

Krebs on Security

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive : The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug.

Do you have a data breach response plan?

IT Governance

The EU GDPR (General Data Protection Regulation) requires organisations to respond to serious data breaches within 72 hours of detection.