November, 2019

Ransomware Analysis: 'Shade' Surges; Other Trends Emerge

Data Breach Today

Researchers Explain Resurgence in Ransomware, Persistence of Exploit Kits Attacks tied to Shade ransomware continue to surge as part of an overall resurgence in ransomware, security researchers warn.

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. The latter knows how to carry out a DLL injection hack — to cheat the game score.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Data Protection on Demand: The Key to Cloud-Based Key Management

Thales eSecurity

Some organizations presume that encryption is a one-and-done affair that can solve all of their security woes. But that’s not the case. Even when organizations effectively implement encryption, they might forget to safely store their encryption keys.

3 Everyday Things in Your Office That Could Lead to a Data Breach

Adam Levin

When you think about cyberthreats , what comes to mind? An extortionist announcing your doom with a dark monitor and a laughing skull? State-sponsored cyber-warriors working from a secure command post? President Trump’s certain, “somebody sitting on their bed that weighs 400 pounds ?”

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Think Twice Before Giving Gifts With a Microphone or Camera

WIRED Threat Level

Black Friday is going to be overrun with cheap, internet-connected gifts. Just make sure you know exactly what you’re buying. Security Security / Security Advice

More Trending

Technology and Policymakers

Schneier on Security

Technologists and policymakers largely inhabit two separate worlds. It's an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world's problems.

Federal Data Privacy Bill Takes Aim at Tech Giants

Threatpost

The COPRA legislation would provide GDPR-like data protections, and create a new FTC enforcement bureau. Government Privacy cantwell copra Data Privacy data protections enforcement bureau federal law fines FTC GDPR legislation private lawsuits senate bill tech giants

DDoS: An Underestimated Threat

Dark Reading

Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back

109
109

Latest Ransomware Attacks Show Diversity of Victims

Data Breach Today

What Do They Have in Common? Difficult Recovery A ransomware attack against a chain of veterinary medicine clinics plus an attack against a New York hospital show this threat remains pervasive, victims are diverse and recovery is difficult

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

SHARED INTEL: What can be done — today — to keep quantum computing from killing encryption

The Last Watchdog

There’s little doubt that the shift to quantum computing will open new horizons of digital commerce. But it’s also plain as day that the mainstreaming of quantum processing power will profoundly exacerbate cybersecurity exposures. Related: The ‘post quantum crytpo’ race is on This isn’t coming as any surprise to IT department heads.

Post-GDPR Developments on Data Protection and Privacy Regulations Around the World

Thales eSecurity

In the modern era of a global information economy, every single day, enormous amounts of information are transmitted, stored and collected worldwide.

GDPR 101

Tainted Data Can Teach Algorithms the Wrong Lessons

WIRED Threat Level

Researchers show how AI programs can be sabotaged by even subtle tweaks to the data used to train them. Security Security / Cyberattacks and Hacks Business

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains

Krebs on Security

On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards.

Sales 283

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts

Security Affairs

Some third-party apps quietly scraped personal information from people’s accounts from Twitter and Facebook, the social media companies claim. Facebook and Twitter revealed that some third-party apps quietly scraped personal information from people’s accounts without their consent.

Target Sues Insurer Over 2013 Data Breach Costs

Data Breach Today

Lawsuit Claims Insurer Owes Retailer for Coverage of Card Replacement Costs Target has filed a lawsuit against its long-time insurer, ACE American Insurance Co., in an attempt to recoup money it spent to replace payment cards as part of settlements over the retailer's massive 2013 data breach.

MY TAKE: How blockchain technology came to seed the next great techno-industrial revolution

The Last Watchdog

Some 20 years ago, the founders of Amazon and Google essentially set the course for how the internet would come to dominate the way we live.

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

Until this month, I'd never heard of People Data Labs (PDL). I'd certainly heard of the sector they operate in - "Data Enrichment" - but I'd never heard of the company itself.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

1.2 Billion Records Found Exposed Online in a Single Server 

WIRED Threat Level

Here's the next jumbo data leak, complete with Facebook, Twitter, and LinkedIn profiles. Security Security / Security News

Hidden Cam Above Bluetooth Pump Skimmer

Krebs on Security

Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I’d never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices.

Sales 280

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

Microsoft revealed that the new Dexphot cryptocurrency miner has already infected more than 80,000 computers worldwide. Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018.

Louisiana Government Recovering From Ransomware Attack

Data Breach Today

Governor Describes 'Aggressive' Incident Response Efforts After a ransomware attack on Monday forced Louisiana's government to take several servers and websites offline to prevent the malware from spreading, state officials spent Tuesday restoring online services

NEW TECH: Can an ‘operational system of record’ alleviate rising knowledge worker frustrations?

The Last Watchdog

An undercurrent of discontent is spreading amongst knowledge workers in enterprises across the United States and Europe. Related: Phishing-proof busy employees White collar employees today have amazingly capable communications and collaboration tools at their beck and call. Yet the majority feel unsatisfied with narrow daily assignments and increasingly disconnected from the strategic goals of their parent organization.

B2B 150

T-Mobile data breach affects more than 1 million customers

IT Governance

T-Mobile has confirmed that its systems have been hacked, with cyber criminals stealing the personal data of more than one million US customers. According to the organisation, customer names, addresses, phone numbers, rate plans and plan features were all exposed.

146 New Vulnerabilities All Come Preinstalled on Android Phones

WIRED Threat Level

The dozens of flaws across 29 Android smartphone makers show just how insecure the devices can be, even brand-new. Security Security / Security News

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

Krebs on Security

A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States.

Personal and social information of 1.2B people exposed on an open Elasticsearch install

Security Affairs

Security duo discovered personal and social information 1.2 billion people exposed online on an unsecured Elasticsearch server. Researchers Bob Diachenko and Vinny Troia discovered an unsecured Eslasticsearch server containing an unprecedented 4 billion user accounts.

Ransomware Attackers Leak Stolen Data

Data Breach Today

Maze Crew Reportedly Threatens to Release More of Allied Universal's Data Unless Ransom Paid Ransomware attacks have taken an unwelcome turn: The Maze gang reportedly has begun leaking a victim's files to create pressure to pay a ransom.

NEW TECH: Silverfort deploys ‘multi-factor authentication’ to lock down ‘machine identities’

The Last Watchdog

From the start, two-factor authentication, or 2FA , established itself as a simple, effective way to verify identities with more certainty. Related: A primer on IoT security risks The big hitch with 2FA, and what it evolved into – multi-factor authentication, or MFA – has always been balancing user convenience and security.

List of data breaches and cyber attacks in November 2019 – 1.34 billion records breached

IT Governance

It was a big month for data breaches this month, with a confirmed 1,341,147,383 records being exposed in 87 incidents. However, almost all of those came from one leaked database , the origin of which is unclear.

The Growing Presence (and Security Risks) of IoT

Thales eSecurity

As most of us know, IoT devices are on the rise in enterprise networks. According to McKinsey & Company , the proportion of organizations that use IoT products has grown from 13 percent in 2014 to 25 percent today.

IoT 115