February, 2019

GUEST ESSAY: Repelling social engineering attacks requires shoring up the weakest link: humans

The Last Watchdog

The problem with social engineering attacks is that they capitalize on the weakest link on any computer or network system: You ! Avoiding social engineering attacks requires you to understand what they are and how they work. Related: Why diversity needs to be part of security training. Social engineering takes advantage of human psychology to attack using deception and manipulation. Hackers know that humans are: •Easily distracted.

Blockchain and Trust

Schneier on Security

In his 2008 white paper that first proposed bitcoin , the anonymous Satoshi Nakamoto concluded with: "We have proposed a system for electronic transactions without relying on trust." He was referring to blockchain , the system behind bitcoin cryptocurrency.

More Alleged SIM Swappers Face Justice

Krebs on Security

Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims.

Password Managers Leave Crumbs in Memory, Researchers Warn

Data Breach Today

Popular Password Managers for Windows Fail to Tidy Up Before Locking Up Shop A security audit of popular password manager has revealed some concerning weaknesses. Luckily, none of the problems are showstoppers that should put people off using such applications.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

PDF zero-day samples harvest user data when opened in Chrome

Security Affairs

Experts at Exploit detection service EdgeSpot detected several PDF documents that exploit a zero-day flaw in Chrome to harvest user data.

More Trending

List of data breaches and cyber attacks in February 2019 – 692,853,046 records leaked

IT Governance

The shortest month of the year is over in a flash, but not before a significant number of data breaches and cyber attacks could take place. I count this month’s total of leaked records to be 692,853,046, bringing 2019’s total to 2,462,038,109.

Why Information Architecture is VITAL to Information Governance

Weissman's World

Our very own Kevin Parker has written another stellar piece on the importance of information architecture to information governance. You can read it in ARMA’s Information Management Magazine – and if you want to learn more, register for Kevin’s ARMA iMasters Webinar on February 27.

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

The U.S.

Data Breach Reports in Europe Under GDPR Exceed 59,000

Data Breach Today

Netherlands, Germany and UK Have Logged the Most Data Breach Reports Since the EU's GDPR went into full effect, European data protection authorities have received over 59,000 data breach reports, with the Netherlands, Germany and the U.K.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

70000 Pakistani banks’ cards with PINs go on sale on the dark web.

Security Affairs

Group-IB experts discovered new databases with a total of 69,189 Pakistani banks’ cards that have shown up for sale on the dark web.

Sales 114

Attacking Soldiers on Social Media

Schneier on Security

A research group at NATO's Strategic Communications Center of Excellence catfished soldiers involved in an European military exercise -- we don't know what country they were from -- to demonstrate the power of the attack technique.

Digital Transformation in Municipal Government: The Hidden Force Powering Smart Cities

erwin

Smart cities are changing the world. When you think of real-time, data-driven experiences and modern applications to accomplish tasks faster and easier, your local town or city government probably doesn’t come to mind.

Maltese bank thwarts huge cyber heist by taking its IT systems offline

IT Governance

Sometimes the only thing that can stop an outrageous plan is an even more outrageous one. At least that was the thinking at the Bank of Valletta in Malta, which last week prevented a daring cyber heist by shutting down its IT systems and plunging the organisation into cyber darkness.

IT 104

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

Krebs on Security

A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week.

Criminals, Nation-States Keep Hijacking BGP and DNS

Data Breach Today

While Exploitable Protocols and Processes Persist, Adoption of Secure Fixes Lags The internet is composed of a series of networks built on trust.

ATT&CKized Splunk – Threat Hunting with MITRE’s ATT&CK using Splunk

Security Affairs

Most of us know MITRE and the ATT&CK framework that they have come up with. What a splendid job they have done for the cyber security community by bringing most of the key attack vectors under an organized framework that segregates these attack vectors in various stages of a typical attack.

Demo 114

Celebrating diversity and women in technology in India

OpenText Information Management

This year, OpenText™ sent our first official delegation of talented female employees from our Hyderabad and Bangalore offices to the Grace Hopper Celebration India (GHCI).

Blog 101

ICANN Urges Greater Domain Name Security

Adam Levin

The infrastructure at the core of the internet is vulnerable to attack from state-sponsored hackers, its governing body warned. .

The Race to the Bottom of Credential Stuffing Lists; Collections #2 Through #5 (and More)

Troy Hunt

A race to the bottom is a market condition in which there is a surplus of a commodity relative to the demand for it.

New Breed of Fuel Pump Skimmer Uses SMS and Bluetooth

Krebs on Security

Fraud investigators say they’ve uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world.

Cottage Health Hit With $3 Million HIPAA Settlement

Data Breach Today

Latest in a Series of Substantial HHS Penalties for Violations Federal regulators have hit a California-based healthcare provider with a $3 million HIPAA settlement related to two breaches involving misconfigured IT. It's the latest in a recent series of hefty penalties issued in HIPAA cases

IT 263

Docker runc flaw opens the door to a ‘Doomsday scenario’

Security Affairs

Security experts found a serious flaw tracked CVE-2019-5736 affecting runc , the default container runtime for Docker, containerd , Podman, and CRI-O.

Cloud 114

The IT Governance Cyber Resilience Framework: how it works

IT Governance

Cyber resilience is the ability to prepare for, respond to and recover from cyber attacks. It helps organisations protect themselves from cyber risks, defend against and limit the severity of attacks, and ensure that business operations continue to function.

Phishing Campaign Hits Credit Unions

Adam Levin

A phishing campaign targeting credit unions and other financial institutions recently found its way into the email inboxes of anti-money laundering officers.

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

As companies make more extensive use of evermore capable – and complex — digital systems, what has remained constant is the innumerable paths left wide open for threat actors to waltz through. Related: Applying ‘zero trust’ to managed security services. So why hasn’t the corporate sector been more effective at locking down access for users? It’s not for lack of trying. I recently discussed this with Chris Curcio, vice-president of channel sales at Optimal IdM, a Tampa, Fla.-based

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Krebs on Security

Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States.

Dow Jones Data Exposed on Public Server

Data Breach Today

Authorized Third Party' Responsible for Leak, Company Says An "authorized third party" exposed a Dow Jones database with more than 2.4 million records of risky businesses and individuals on a public server without password protection.

Security experts released new GandCrab Decryptor for free

Security Affairs

Security experts at BitDefender have released a new version of the GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5.

Our Industry Is Failing. Will We Fix It?

John Battelle's Searchblog

If the latest tech revelations have proven anything, it’s that the endless cycle of jaw-dropping headlines and concomitant corporate apologetics has changed exactly nothing. Over and over, the pattern repeats.

The Queen of the Skies and Innovation

Adam Shostack

The Seattle Times has a story today about how “ 50 years ago today, the first 747 took off and changed aviation.” ” It’s true. The 747 was a marvel of engineering and luxury. The book by Joe Sutter is a great story of engineering leadership.

Why capture is a key foundation of information management strategies

OpenText Information Management

Today’s number one business challenge is keeping track of information.