April, 2019

Dark Patterns: How Weaponized Usability Hurts Users

Data Breach Today

Fresh Legislation Targets Deceptive, Privacy-Shredding Interface Design Dark patterns are out to get you. The term describes the practice of abusing usability norms to create user interfaces that trick users into divulging their personal details or sacrificing their privacy.

jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Security Affairs

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype.

NEW TECH: Circadence deploys ‘gamification’ training to shrink cybersecurity skills gap

The Last Watchdog

It’s clear that closing the cybersecurity skills gap has to happen in order to make our internet-centric world as private and secure as it ought to be. Related: The need for diversity in cybersecurity personnel One of the top innovators in the training space is Circadence ®. The Boulder, CO-based company got its start in the mid-1990s as a pioneer of massive multi-player video games.

How Not to Acknowledge a Data Breach

Krebs on Security

I’m not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach.

Contact Center Cloud Migration Done Right

Speaker: Sheila McGee-Smith, Founder and Principal Analyst, McGee-Smith Analytics

Many companies are in the midst of migrating their contact center to the cloud. Understanding how best to execute the transition of premises to cloud is part of that process. Join contact center industry analyst and No Jitter blogger Sheila McGee-Smith as she discussed tried and true best practices for avoiding the potential pitfalls of CX migration.

4 Signs Alfresco Is All Growed Up

Weissman's World

Being an information consultant/analyst is a lot like being a parent in that I get to watch companies come into the world, struggle to gain acceptance, and learn to be a force unto themselves (or not).

Groups 197

More Trending

Mystery Database Exposed Info on 80 Million US Households

Data Breach Today

Researchers Locate an Unprotected 24GB Database With Names, Addresses and Incomes An unsecured database hosted on Microsoft's cloud platform contained personal information on nearly 80 million U.S. households, according to two researchers who found it.

Cloud 271

60 Million records of LinkedIn users exposed online

Security Affairs

Researcher discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Researcher Sanyam Jain at GDI foundation discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data.

NEW TECH: How Semperis came to close a huge gap in Active Directory disaster preparedness

The Last Watchdog

In today’s complex IT environments, a million things can go wrong, though only a few systems touch everything.

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Excellent Analysis of the Boeing 737 MAX Software Problems

Schneier on Security

This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker.

How to Track Your Kids (and Other People's Kids) With the TicTocTrack Watch

Troy Hunt

Do you ever hear those stories from your parents along the lines of "when I was young." and then there's a tale of how risky life was back then compared to today.

How To 114

Facebook Marketplace Flaw Revealed Seller's Exact Location

Data Breach Today

Privacy Peril: Thieves Use Location Data to 'Shop' for High-Value Items Facebook has fixed a security vulnerability in its digital marketplace that could have been abused to identify the precise location of a seller, and by extension, their goods.

87% of organisations have an insufficient cyber security budget

IT Governance

Although organisations are devoting more resources to cyber security in order to tackle the growing threat of data breaches, 87% say they don’t have the budget to meet their needs, a new report has found.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

The Last Watchdog

If your company is participating in the global supply chain, either as a first-party purchaser of goods and services from other organizations, or as a third-party supplier, sooner or later you’ll encounter the NIST Cybersecurity Framework.

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

G7 Comes Out in Favor of Encryption Backdoors

Schneier on Security

Malware Infected Medical Equipment Shows Fake Tumors

Adam Levin

Israeli cybersecurity researchers have created malware capable of showing fake cancerous growths on CT and MRI scans.

Study 111

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Australian Child-Tracking Smartwatch Vulnerable to Hackers

Data Breach Today

Report: Hacker Could Spoof Child's Location, View Personal Information An Australian company that markets a smartwatch designed to let parents monitor their child has taken its service offline after researchers revealed hackers could listen in on and spy on a child's location.

A new DDoS technique abuses HTML5 Hyperlink Audit Ping in massive attacks

Security Affairs

Experts at Imperva discovered a new type of large-scale DDoS attack that abuses the HTML5 Ping-based hyperlink auditing feature. Experts at Imperva Vitaly Simonovich and Dima Bekerman observed a large-scale DDoS attack abusing the HTML5 Ping-based hyperlink auditing feature.

MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks

The Last Watchdog

Accounting for third-party risks is now mandated by regulations — with teeth. Related: Free ‘VRMM’ tool measures third-party exposure Just take a look at Europe’s GDPR , NYDFS’s cybersecurity requirement s or even California’s newly minted Consumer Privacy Act.

Risk 173

Experts: Breach at IT Outsourcing Giant Wipro

Krebs on Security

Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [ NYSE:WIT ] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity.

IT 249

China Spying on Undersea Internet Cables

Schneier on Security

Supply chain security is an insurmountably hard problem. The recent focus is on Chinese 5G equipment, but the problem is much broader.

What exactly is the link between IIM and Digital Transformation?

AIIM

This is part 1 of a four-part series based on our new State of the Industry – Content Services market research study. Every organization is on – or should be on – a Digital Transformation journey.

Attackers Shift to Malware-Based Cryptominers

Data Breach Today

Cryptocurrency Market Slide Makes In-Browser Mining Less Appealing Browser-based cryptocurrency miners are falling out of favor as virtual currency prices remain low, IBM says. But the company says malware-based miners are coming back, including fileless ones that rely on Powershell.

Mining 264

Hacker broke into super secure French Government’s Messaging App Tchap hours after release

Security Affairs

A white hat hacker discovered how to break Tchap, a new secure messaging app launched by the French government for officials and politicians.

MY TAKE: How ‘CASBs’ are evolving to close the security gaps arising from digital transformation

The Last Watchdog

The Cloud Access Security Broker (CASB) space is maturing to keep pace with digital transformation. Related: CASBs needed now, more than ever. Caz-bees first took shape as a cottage industry circa 2013 to 2014 in response to a cry for help from companies reeling from new Shadow IT exposures : the risk created by early-adopter employees, quite often the CEO, insisting on using the latest smartphone and Software-as-a-Services tools, without any shred of security vetting.

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.

IoT 237

Hey Secret Service: Don't Plug Suspect USB Sticks into Random Computers

Schneier on Security

I just noticed this bit from the incredibly weird story of the Chinese woman arrested at Mar-a-Lago: Secret Service agent Samuel Ivanovich, who interviewed Zhang on the day of her arrest, testified at the hearing.

EU To Build Massive Biometric Database

Adam Levin

The European Union’s parliament voted to create a biometric database of over 350 million people.

Millions of Facebook Records Found Unsecured on AWS

Data Breach Today

Third-Party Apps Left Facebook Users' Data Accessible in the Cloud Two third-party Facebook application developers exposed users' personal information by leaving the data exposed without a password in unsecured Amazon Web Services S3 buckets, researchers from UpGuard say.