July, 2019

Recent DNS Hijacking Campaigns Trigger Government Action

Data Breach Today

US and UK Agencies Respond to Increasing Attacks A recent spate of attacks targeting domain name system protocols and registrars, including several incidents that researchers believe have ties to nation-state espionage, is prompting the U.S. and U.K.

How should you investigate a data breach?

IT Governance

Digital Guardian recently asked a group of cyber security experts what the most important step is following a data breach. Several answered with some variation of ‘find out how it happened’.

What Is Credential Dumping?

WIRED Threat Level

Modern network intrusions thrive on a counterintuitive trick: stealing passwords from computers that hackers have already compromised. Security Security / Cyberattacks and Hacks

Capital One: Where Did the Bank Fail on Defense?

Data Breach Today

Experts Say Bank May Have Made Several Errors The cause of Capital One's breach is known. But experts say the incident still raises questions over why Capital One held onto personal data so long and if the bank was adequately monitoring administrator accounts

Data 233

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

The Unsexy Threat to Election Security

Krebs on Security

Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news.

More Trending

Massive Botnet Attack Used More Than 400,000 IoT Devices

Data Breach Today

Researchers at Imperva Say Incident Mimicked Mirai-Style DDoS Attack A massive botnet attack earlier this year utilized more than 400,000 connected devices over the course of 13 days, according to researchers at the security firm Imperva

IoT 215

Attorney General William Barr on Encryption Policy

Schneier on Security

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.

The first anniversary of the GDPR: How a risk-based approach can help you achieve GDPR compliance

Thales eSecurity

Since the General Data Protection Regulation (GDPR) took effect on May 25th last year, data protection has become a very hot topic.

GDPR 99

Meet the World’s Biggest ‘Bulletproof’ Hoster

Krebs on Security

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

If you put garbage in, do you get machine learning out?

Information Management Resources

Despite many businesses rushing to integrate machine learning, they still struggle with setting the proper foundation for the technology: Controlling the quality and accuracy of their data. Machine learning Data quality Artificial intelligence

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

Remember after last month’s relatively serene cyber security scene we said this wasn’t the beginning of the GDPRevolution ? July was bound to be a bounce-back month, but we couldn’t have expected the frighteningly high total of 2,266,042,039 breached records.

Security Flaw Exposed Valid Airline Boarding Passes

Data Breach Today

Android devices could be hacked by playing a video due to CVE-2019-2107 flaw

Security Affairs

Watch out! Playing a video on Android devices could be a dangerous operation due to a critical CVE-2019-2107 RCE flaw in Android OS between version 7.0 and 9.0.

Video 114

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Think FaceApp Is Scary? Wait Till You Hear About Facebook

WIRED Threat Level

The idea that FaceApp is somehow exceptionally dangerous threatens to obscure the real point: All apps deserve this level of scrutiny. Security Security / Privacy

What You Should Know About the Equifax Data Breach Settlement

Krebs on Security

Big-three credit bureau Equifax has reportedly agreed to pay at least $650 million to settle lawsuits stemming from a 2017 breach that let intruders steal personal and financial data on roughly 148 million Americans.

Most databases will have moved to the cloud by 2022, says Gartner

Information Management Resources

By 2022, 75 percent of all databases will be deployed or migrated to a cloud platform, with only 5 percent ever considered for repatriation to on-premises, the research firm says. Cloud computing Database management Data management

Cloud 124

The Changing Face of Data Security in Federal Government

Thales eSecurity

US Cyber Command Warns of Outlook Vulnerability Exploits

Data Breach Today

Researchers Say Attackers Could Have Ties to Iranian-Backed APT Group The U.S. Cyber Command has issued a warning that attackers are attempting to exploit an older vulnerability in Microsoft Outlook to plant remote access Trojans or other types of malware within government networks.

Groups 279

German firms BASF, Siemens, Henkel hit by cyber attacks

Security Affairs

A new wave of cyber attacks carried out by a China-linked APT group hit German blue-chip companies BASF, Siemens, Henkel and others. On Wednesday, German blue-chip companies BASF, Siemens, Henkel along with a host of others confirmed they had been targeted by a wave of cyber attacks.

How to Get Your Equifax Settlement Money

WIRED Threat Level

A settlement with the FTC means Equifax will pay victims of its breach $125 or more. Make sure it pay ups. Security Security / Security News

How To 109

Neo-Nazi SWATters Target Dozens of Journalists

Krebs on Security

Nearly three dozen journalists at a broad range of major publications have been targeted by a far-right group that maintains a Deep Web database listing the personal information of people who threaten their views.

Groups 262

Despite growing risks, most organizations short-change security training, basics

Information Management Resources

While it’s perfectly understandable that every business has to operate on a specific budget, it’s very odd that, when the money gets tight, IT almost exclusively gets the short end of the stick. Data security Cyber security Cyber attacks

Authentication and the Have I Been Pwned API

Troy Hunt

The very first feature I added to Have I Been Pwned after I launched it back in December 2013 was the public API.

FTC Reportedly Approves $5 Billion Facebook Fine

Data Breach Today

Settlement Stems From Cambridge Analytica Incident After a long privacy investigation, the U.S. Federal Trade Commission voted to levy a $5 billion fine against Facebook, according to the Washington Post and the Wall Street Journal

0v1ru$ hackers breach FSB contractor SyTech and expose Russian intel projects

Security Affairs

SyTech , a contractor for the Federal Security Service of the Russian Federation (FSB) has been hacked, attackers stole data about interna l projects.

The Biggest Cybersecurity Crises of 2019 So Far

WIRED Threat Level

Ransomware attacks, supply chain hacks, escalating tensions with Iran—the first six months of 2019 have been anything but boring. Security Security / Cyberattacks and Hacks

Capital One Data Theft Impacts 106M People

Krebs on Security

Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp. Incredibly, much of this breach played out publicly over several months on social media and other open online platforms.

Data 242

Europe's data privacy rules hurt small firms, not Google and Facebook

Information Management Resources

Evidence mounts that the GDPR as applied today hurts smaller firms and has no effect on tech giants, which are the least interested in preserving user privacy. GDPR Data privacy Data privacy rules Data security

Pwned Passwords, Version 5

Troy Hunt

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. This wasn't so much an original work on my behalf as it was a consolidation of advice from the likes of NIST, the NCSC and Microsoft about how we should be doing authentication today.

More US Cities Battered by Ransomware

Data Breach Today

Infected City Fires IT Manager; New Victims in Florida, Georgia More U.S. cities and other governmental units reportedly have been hit by ransomware in an unrelenting wave that has proved profitable for hackers. Here's a roundup of the latest incidents

Hackers inject Magecart multi-gateway skimmer in fake Google domains

Security Affairs

Attackers deployed a Magecart credit card skimmer script into fake Google domains used to trick visitors into making online transactions.

CMS 108