April, 2019

Dark Patterns: How Weaponized Usability Hurts Users

Data Breach Today

Fresh Legislation Targets Deceptive, Privacy-Shredding Interface Design Dark patterns are out to get you. The term describes the practice of abusing usability norms to create user interfaces that trick users into divulging their personal details or sacrificing their privacy.

jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Security Affairs

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype.

NEW TECH: Circadence deploys ‘gamification’ training to shrink cybersecurity skills gap

The Last Watchdog

It’s clear that closing the cybersecurity skills gap has to happen in order to make our internet-centric world as private and secure as it ought to be. Related: The need for diversity in cybersecurity personnel One of the top innovators in the training space is Circadence ®. The Boulder, CO-based company got its start in the mid-1990s as a pioneer of massive multi-player video games.

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.

IoT 285

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

4 Signs Alfresco Is All Growed Up

Weissman's World

Being an information consultant/analyst is a lot like being a parent in that I get to watch companies come into the world, struggle to gain acceptance, and learn to be a force unto themselves (or not).

More Trending

Mystery Database Exposed Info on 80 Million US Households

Data Breach Today

Researchers Locate an Unprotected 24GB Database With Names, Addresses and Incomes An unsecured database hosted on Microsoft's cloud platform contained personal information on nearly 80 million U.S. households, according to two researchers who found it.

Cloud 277

Defending Democracies Against Information Attacks

Schneier on Security

To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist.

NEW TECH: How Semperis came to close a huge gap in Active Directory disaster preparedness

The Last Watchdog

In today’s complex IT environments, a million things can go wrong, though only a few systems touch everything.

How Not to Acknowledge a Data Breach

Krebs on Security

I’m not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Over 23 million breached accounts were using ‘123456’ as password

Security Affairs

A cyber survey conducted by the United Kingdom’s National Cyber Security Centre (NCSC) revealed that ‘123456’ is still the most hacked password.

EU To Build Massive Biometric Database

Adam Levin

The European Union’s parliament voted to create a biometric database of over 350 million people.

Facebook Marketplace Flaw Revealed Seller's Exact Location

Data Breach Today

Privacy Peril: Thieves Use Location Data to 'Shop' for High-Value Items Facebook has fixed a security vulnerability in its digital marketplace that could have been abused to identify the precise location of a seller, and by extension, their goods.

Stealing Ethereum by Guessing Weak Private Keys

Schneier on Security

Someone is stealing millions of dollars worth of Ethereum by guessing users' private keys. Normally this should be impossible, but lots of keys seem to be very weak. Researchers are unsure how those weak keys are being generated and used. Their paper is here.

Paper 114

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

The Last Watchdog

If your company is participating in the global supply chain, either as a first-party purchaser of goods and services from other organizations, or as a third-party supplier, sooner or later you’ll encounter the NIST Cybersecurity Framework.

Experts: Breach at IT Outsourcing Giant Wipro

Krebs on Security

Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [ NYSE:WIT ] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity.

IT 285

Docker Hub Database hacked, 190,000 users impacted

Security Affairs

Docker became aware of unauthorized access to a Docker Hub database that exposed sensitive information for roughly 190,000 users. Docker notified its users that an unauthorized entity gained access to a Docker Hub database that exposed sensitive information for roughly 190,000 users.

How to Track Your Kids (and Other People's Kids) With the TicTocTrack Watch

Troy Hunt

Do you ever hear those stories from your parents along the lines of "when I was young." and then there's a tale of how risky life was back then compared to today.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Attackers Shift to Malware-Based Cryptominers

Data Breach Today

Cryptocurrency Market Slide Makes In-Browser Mining Less Appealing Browser-based cryptocurrency miners are falling out of favor as virtual currency prices remain low, IBM says. But the company says malware-based miners are coming back, including fileless ones that rely on Powershell.

Mining 273

Towards an Information Operations Kill Chain

Schneier on Security

Cyberattacks don't magically happen; they involve a series of steps. And far from being helpless, defenders can disrupt the attack at any of those steps.

MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks

The Last Watchdog

Accounting for third-party risks is now mandated by regulations — with teeth. Related: Free ‘VRMM’ tool measures third-party exposure Just take a look at Europe’s GDPR , NYDFS’s cybersecurity requirement s or even California’s newly minted Consumer Privacy Act.

Risk 177

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

Zero-day vulnerability in Oracle WebLogic

Security Affairs

Security experts are warning of a dangerous zero-day remote code vulnerability that affects the Oracle WebLogic service platform. Oracle WebLogic wls9_async and wls-wsat components are affected by a deserialization remote command execution zero-day vulnerability.

Access 114

87% of organisations have an insufficient cyber security budget

IT Governance

Although organisations are devoting more resources to cyber security in order to tackle the growing threat of data breaches, 87% say they don’t have the budget to meet their needs, a new report has found.

Australian Child-Tracking Smartwatch Vulnerable to Hackers

Data Breach Today

Report: Hacker Could Spoof Child's Location, View Personal Information An Australian company that markets a smartwatch designed to let parents monitor their child has taken its service offline after researchers revealed hackers could listen in on and spy on a child's location.

Fooling Automated Surveillance Cameras with Patchwork Color Printout

Schneier on Security

Nice bit of adversarial machine learning. The image from this news article is most of what you need to know, but here's the research paper. academicpapers biometrics cybersecurity machinelearning

Paper 114

MY TAKE: How ‘CASBs’ are evolving to close the security gaps arising from digital transformation

The Last Watchdog

The Cloud Access Security Broker (CASB) space is maturing to keep pace with digital transformation. Related: CASBs needed now, more than ever. Caz-bees first took shape as a cottage industry circa 2013 to 2014 in response to a cry for help from companies reeling from new Shadow IT exposures : the risk created by early-adopter employees, quite often the CEO, insisting on using the latest smartphone and Software-as-a-Services tools, without any shred of security vetting.

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0