June, 2018

Hackers Demand $770,000 Ransom From Canadian Banks

Data Breach Today

Cybercrime: FBI Says Ransomware, Extortion Continue to Dominate Hackers have reportedly demanded a ransom from Bank of Montreal and Simplii Financial in exchange for not dumping 90,000 customers' account details on a fraud forum.

How to Avoid Card Skimmers at the Pump

Krebs on Security

How To 208

Legacy Content Migration: The Crowd Has it Wrong

Weissman's World

A few weeks ago, I used this space to wonder how top-of-mind content migration is among organizations whose legacy solutions are more than 8 years old – which, it turns out, accounts for more than 75% of those in service.

Groups 190

MY TAKE: These 7 nation-state backed hacks have put us on the brink of a global cyber war

The Last Watchdog

Nation-state backed hacking collectives have been around at least as long as the Internet. However, evidence that the ‘golden age’ of cyber espionage is upon us continues to accumulate as the first half of 2018 comes to a close. Related podcast : Obsolescence is creeping into legacy security systems. What’s changed is that cyber spies are no longer content with digital intelligence gathering.

List of data breaches and cyber attacks in June 2018 – 145,942,680 records leaked

IT Governance

As another month ends, let’s look back at the data breaches and cyber attacks that have come to light in the last few weeks. Earlier this month I had a conversation about cyber security that ended with someone offering the familiar opinion: “Oh, I won’t be hacked – our website isn’t very popular”.

Ten best practices for a successful RIM training program – Part one

TAB OnRecord

As you begin new records and information management programs, you will inevitably encounter the challenge of how to train employees and enlist their cooperation. In this two-part blog post, we share the ten best practices for a successful records and information management training program.

Massive CIA Hacking Tool Leak: Ex-Agency Employee Charged

Data Breach Today

Lead Suspect Joshua A. Schulte Already Detained on Child Pornography Charges The U.S. Department of Justice has charged a former CIA officer, 29-year-old Joshua A.

Tools 206

More Trending

Perspective Check: Context is Everything in InfoGov

Weissman's World

If you’ve ever used Google to help you find a new infogov technology solution, then you know how every one you find, from every vendor you look at, seems like the answer to all your problems. Here’s how to figure out which one(s) work best in your context!

Groups 156

Why big companies ignore SAP security patches — and how that could bite them, big time

The Last Watchdog

Threat actors in the hunt for vulnerable targets often look first to ubiquitous platforms. It makes perfect sense for them to do so. Related article: Triaging open-source exposures. Finding a coding or design flaw on Windows OS can point the way to unauthorized to access to a treasure trove of company networks that use Windows. The same holds true for probing widely used open source protocols, as occurred when Heartbleed and Shellshock came to light.

Q&A: Saadia Muzaffar talks responsible innovation, diversity, and the OpenText Women in Technology Summit

OpenText Information Management

If you don’t already know her, it’s time you met Saadia Muzaffar. Saadia is an incredible tech entrepreneur, author, and passionate advocate of responsible innovation.

Blog 95

Infographic: List of data breaches in 2017

IT Governance

2017 was a big year for data breaches. Uber , Equifax and Yahoo all fell victim, and many small organisations also suffered a breach or cyber attack. When it comes to cyber threats, all types of organisations are at risk.

Marketing Firm Exposes 340 Million Records on US Consumers

Data Breach Today

2 Terabyte Database Includes Up To 150 Fields With US Consumers' Data A computer security researcher has discovered a vast marketing database containing 340 million records on U.S. consumers.

Google to Fix Location Data Leak in Google Home, Chromecast

Krebs on Security

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products.

Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records

WIRED Threat Level

The leak may include data on hundreds of millions of Americans, with hundreds of details for each, from demographics to personal interests. Security

Mobile security advances to stopping device exploits — not just detecting malicious apps

The Last Watchdog

The most profound threat to corporate networks isn’t the latest, greatest malware. It’s carbon-based life forms. Humans tend to be gullible and impatient. With our affiliations and preferences put in play by search engines and social media, we’re perfect patsies for social engineering. And because we are slaves to convenience, we have a propensity for taking shortcuts when it comes to designing, configuring and using digital systems. Related article: Is your mobile device spying on you?

We're Baking Have I Been Pwned into Firefox and 1Password

Troy Hunt

Pretty much every day, I get a reminder from someone about how little people know about their exposure in data breaches. Often, it's after someone has searched Have I Been Pwned (HIBP) and found themselves pwned somewhere or other. Frequently, it's some long-forgotten site they haven't even thought about in years and also frequently, the first people know of these incidents is via HIBP: large @ticketfly data breach.

How to prepare for a penetration test

IT Governance

Conducting a successful penetration test is a challenge for even the most experienced tester. It involves much more than simply running tools and probing systems.

Cryptocurrency Theft: $1.1 Billion Stolen in Last 6 Months

Data Breach Today

Exchanges Remain Prime Target; Easily Available Hacking Tools Aid Attackers As bitcoin continues its massive price fluctuations, a new report says criminals have continued their push to get extortion and ransom payments in more stable cryptocurrencies.

Tools 204

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

Krebs on Security

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people , many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West.

The New Satellite Arms Race Threatening to Explode in Space

WIRED Threat Level

Trump’s call for a “Space Force” escalates a quiet, dangerous contest between the US, China, and Russia—one whose consequences no one really understands. Science Security Backchannel

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

Don’t look now but cryptojacking may be about to metastasize into the scourge of cloud services. Cryptojacking, as defined by the Federal Trade Commission , is the use of JavaScript code to capture cryptocurrencies in users’ browsers without asking permission. There’s a temptation to dismiss it as a mere nuisance; companies deep into ‘digital transformation,’ in particular, might be lulled into this sort of apathy. Related: Why cryptojacking is more insidious than ransomware.

Mining 144

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications.

Real-life examples of social engineering – part 2

IT Governance

Last month, I published an article looking at two examples of the use of social engineering in everyday life. I’d like to continue the theme of that article by talking about three other social engineering attacks that caused great damage. Diamonds, diamonds, DIAMONDS.

Ticketmaster Breach Traces to Embedded Chatbot Software

Data Breach Today

Hacker Modified JavaScript Chatbot to Scrape Customers' Card Payment Details Ticketmaster is warning customers that it suffered a data breach after an attacker modified its third-party chatbot software to steal customers' payment card details.

AT&T, Sprint, Verizon to Stop Sharing Customer Location Data With Third Parties

Krebs on Security

In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, AT&T , Sprint and Verizon now say they are terminating location data sharing agreements with third parties.

Demo 189

Trump Says He Gave Kim Jong Un His Direct Number. Never Do That.

WIRED Threat Level

If Trump actually followed White House protocol for secure calling, it's probably fine. But what are the odds? Security

IT 87

VASCO rebrands as OneSpan, makes acquisition, to support emerging mobile banking services

The Last Watchdog

Bank patrons in their 20s and 30s, who grew up blanketed with digital screens, have little interest in visiting a brick-and-mortar branch, nor interacting with a flesh-and-blood teller. This truism is pushing banks into unchartered territory. They are scrambling to invent and deliver a fresh portfolio of mobile banking services that appeal to millennials. Related articles: Hackers revamp tactics, target mobile wallets. This, of course, is a tall task.

Reader Favorites June 2018: Our most popular RIM resources

TAB OnRecord

Our most popular resources this month cover: ways to optimize the management of physical records, what to consider when auditing incoming files, and how to get the most out of cloud storage.

Tips 85

GP practice fined £35K for failing to secure medical records

IT Governance

The Information Commissioner’s Office (ICO) has fined London surgery Bayswater Medical Centre (BMC) £35,000 after highly sensitive medical information was left unsecured in an empty building.

EU Claims Kaspersky Lab Software 'Confirmed as Malicious'

Data Breach Today

In Response, Software Firm Pauses Work With Europol and 'No More Ransom' Portal The anti-Kaspersky Lab rhetoric continues to heat up, with the European Parliament passing a motion that brands the Moscow-based firm's software as being "confirmed as malicious."


Supreme Court: Police Need Warrant for Mobile Location Data

Krebs on Security

The U.S. Supreme Court today ruled that the government needs to obtain a court-ordered warrant to gather location data on mobile device users.

Demo 156

North Korea Has Promised to Denuclearize Lots of Times Already

WIRED Threat Level

Donald Trump got out of Kim Jong Un a promise that North Korea has already made—and broken—multiple times. Security

As 2-factor authentication falls short, ‘adaptive multi-factor authentication’ goes mainstream

The Last Watchdog

The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half. Most individuals today are nonplussed when required, under certain circumstances, to retrieve a one-time passcode, pushed out in a text message to their smartphone, and then typing the passcode to gain access to a privileged account. Related: Why data science is the key to securing networks.

Ten best practices for a successful RIM training program – Part two

TAB OnRecord

In last week’s blog post we started to explore ten best practices for records management training programs. In part two we will continue by discussing five more best practices for RIM program training success.

Cyber attacks hit a fifth of schools and colleges

IT Governance

One in five schools and colleges have fallen victim to cyber crime, according to research from the specialist insurer Ecclesiastical, yet the majority (74%) of educational establishments claim to be “fully prepared” to deal with such attacks. .

Exclusive: Aussie Firm Loses $6.6M to Backdoored Cryptocurrency

Data Breach Today

Soarcoin' Cryptocurrency Coded With Backdoor Hidden in Plain Site Australian police in Queensland are pursuing a criminal investigation into what may be one of the first instances of a company swiping cryptocurrency using a software backdoor after a business deal went bad


Information Governance Conference 2018 Keynote Announced


The Information Governance Conference , or InfoGovCon, is a fantastic event for information professionals run by my friends at the Information Coalition. This year's event, held September 25-28 in Providence, will mark InfoGovCon's 5th year.