July, 2019

Recent DNS Hijacking Campaigns Trigger Government Action

Data Breach Today

US and UK Agencies Respond to Increasing Attacks A recent spate of attacks targeting domain name system protocols and registrars, including several incidents that researchers believe have ties to nation-state espionage, is prompting the U.S. and U.K.

How should you investigate a data breach?

IT Governance

Digital Guardian recently asked a group of cyber security experts what the most important step is following a data breach. Several answered with some variation of ‘find out how it happened’.

What Is Credential Dumping?

WIRED Threat Level

Modern network intrusions thrive on a counterintuitive trick: stealing passwords from computers that hackers have already compromised. Security Security / Cyberattacks and Hacks

Capital One: Where Did the Bank Fail on Defense?

Data Breach Today

Experts Say Bank May Have Made Several Errors The cause of Capital One's breach is known. But experts say the incident still raises questions over why Capital One held onto personal data so long and if the bank was adequately monitoring administrator accounts

240
240

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

The Unsexy Threat to Election Security

Krebs on Security

Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news.

More Trending

Massive Botnet Attack Used More Than 400,000 IoT Devices

Data Breach Today

Researchers at Imperva Say Incident Mimicked Mirai-Style DDoS Attack A massive botnet attack earlier this year utilized more than 400,000 connected devices over the course of 13 days, according to researchers at the security firm Imperva

IoT 222

Attorney General William Barr on Encryption Policy

Schneier on Security

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.

The first anniversary of the GDPR: How a risk-based approach can help you achieve GDPR compliance

Thales eSecurity

Since the General Data Protection Regulation (GDPR) took effect on May 25th last year, data protection has become a very hot topic.

GDPR 102

Meet the World’s Biggest ‘Bulletproof’ Hoster

Krebs on Security

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

MY TAKE: How state-backed cyber ops have placed the world in a constant-state ‘Cyber Pearl Harbor’

The Last Watchdog

Cyber espionage turned a corner this spring when Israeli fighter jets eradicated a building in the Gaza Strip believed to house Hamas cyber operatives carrying out attacks on Israel’s digital systems. Related: The Golden Age of cyber spying is upon us. That May 10th air strike by the Israel Defense Force marked the first use of military force in direct retaliation for cyber spying. This development underscores that we’re in the midst of a new age of cyber espionage.

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

Remember after last month’s relatively serene cyber security scene we said this wasn’t the beginning of the GDPRevolution ? July was bound to be a bounce-back month, but we couldn’t have expected the frighteningly high total of 2,266,042,039 breached records.

US Cyber Command Warns of Outlook Vulnerability Exploits

Data Breach Today

Researchers Say Attackers Could Have Ties to Iranian-Backed APT Group The U.S. Cyber Command has issued a warning that attackers are attempting to exploit an older vulnerability in Microsoft Outlook to plant remote access Trojans or other types of malware within government networks.

Android devices could be hacked by playing a video due to CVE-2019-2107 flaw

Security Affairs

Watch out! Playing a video on Android devices could be a dangerous operation due to a critical CVE-2019-2107 RCE flaw in Android OS between version 7.0 and 9.0.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

The Changing Face of Data Security in Federal Government

Thales eSecurity

What You Should Know About the Equifax Data Breach Settlement

Krebs on Security

Big-three credit bureau Equifax has reportedly agreed to pay at least $650 million to settle lawsuits stemming from a 2017 breach that let intruders steal personal and financial data on roughly 148 million Americans.

NEW TECH: A couple of tools that deserve wide use — to preserve the integrity of U.S. elections

The Last Watchdog

As the presidential debate season ramps up, the specter of nation-state sponsored hackers wreaking havoc, once more, with U.S. elections, looms all too large. It’s easy to get discouraged by developments such as Sen. McConnell recently blocking a bi-partisan bill to fund better election security , as well as the disclosure that his wife, Transportation Security Elaine Chao, has accepted money from voting machine lobbyists. Related: Why not train employees as phishing cops?

How to Get Your Equifax Settlement Money

WIRED Threat Level

A settlement with the FTC means Equifax will pay victims of its breach $125 or more. Make sure it pay ups. Security Security / Security News

IT 114

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Security Flaw Exposed Valid Airline Boarding Passes

Data Breach Today

Over 23 million stolen payment card data traded on the Dark Web in H1 2019

Security Affairs

According to a report published by cyber security firm Sixgill data for over 23 million payment card were on offer in underground forums in the first half of 2019. .

Sales 114

Authentication and the Have I Been Pwned API

Troy Hunt

The very first feature I added to Have I Been Pwned after I launched it back in December 2013 was the public API.

Neo-Nazi SWATters Target Dozens of Journalists

Krebs on Security

Nearly three dozen journalists at a broad range of major publications have been targeted by a far-right group that maintains a Deep Web database listing the personal information of people who threaten their views.

NEW TECH: Early adopters find smart ‘Zero Trust’ access improves security without stifling innovation

The Last Watchdog

As we approach the close of the second decade of the 21 st century, it’s stunning, though perhaps not terribly surprising, that abused logon credentials continue to fuel the never-ending escalation of cyber attacks. Related: Third-party risks exacerbated by the ‘gig economy’ Dare we anticipate a slowing — and ultimately the reversal – of this trend? Yes, I believe that’s now in order.

Access 122

Russia Is Going to Up Its Game for the 2020 Elections

WIRED Threat Level

"You don't need to change votes to cause chaos," Senator Mark Warner tells WIRED in an exclusive interview. Security Security / National Security

IT 113

More US Cities Battered by Ransomware

Data Breach Today

Infected City Fires IT Manager; New Victims in Florida, Georgia More U.S. cities and other governmental units reportedly have been hit by ransomware in an unrelenting wave that has proved profitable for hackers. Here's a roundup of the latest incidents

Crooks used rare Steganography technique to hack fully patched websites in Latin America

Security Affairs

Experts at Trustwave observed threat actors using a rare technique to compromise fully patched websites.

GDPR 114

Pwned Passwords, Version 5

Troy Hunt

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. This wasn't so much an original work on my behalf as it was a consolidation of advice from the likes of NIST, the NCSC and Microsoft about how we should be doing authentication today.

Capital One Data Theft Impacts 106M People

Krebs on Security

Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp. Incredibly, much of this breach played out publicly over several months on social media and other open online platforms.

Cloud 258