June, 2018

How to Avoid Card Skimmers at the Pump

Krebs on Security

Hackers Demand $770,000 Ransom From Canadian Banks

Data Breach Today

Cybercrime: FBI Says Ransomware, Extortion Continue to Dominate

Hackers have reportedly demanded a ransom from Bank of Montreal and Simplii Financial in exchange for not dumping 90,000 customers' account details on a fraud forum.

MY TAKE: These 7 nation-state backed hacks have put us on the brink of a global cyber war

The Last Watchdog

Nation-state backed hacking collectives have been around at least as long as the Internet. However, evidence that the ‘golden age’ of cyber espionage is upon us continues to accumulate as the first half of 2018 comes to a close. Related podcast: Obsolescence is creeping into legacy security systems. What’s changed is that cyber spies are no longer content with digital intelligence gathering.

List of data breaches and cyber attacks in June 2018 – 145,942,680 records leaked

IT Governance

As another month ends, let’s look back at the data breaches and cyber attacks that have come to light in the last few weeks. Earlier this month I had a conversation about cyber security that ended with someone offering the familiar opinion: “Oh, I won’t be hacked – our website isn’t very popular”.

Legacy Content Migration: The Crowd Has it Wrong

Weissman's World

A few weeks ago, I used this space to wonder how top-of-mind content migration is among organizations whose legacy solutions are more than 8 years old – which, it turns out, accounts for more than 75% of those in service.

Q&A: Saadia Muzaffar talks responsible innovation, diversity, and the OpenText Women in Technology Summit

OpenText Information Management

If you don’t already know her, it’s time you met Saadia Muzaffar. Saadia is an incredible tech entrepreneur, author, and passionate advocate of responsible innovation.

Massive CIA Hacking Tool Leak: Ex-Agency Employee Charged

Data Breach Today

Lead Suspect Joshua A. Schulte Already Detained on Child Pornography Charges

The U.S. Department of Justice has charged a former CIA officer, 29-year-old Joshua A.

Why big companies ignore SAP security patches — and how that could bite them, big time

The Last Watchdog

Threat actors in the hunt for vulnerable targets often look first to ubiquitous platforms. It makes perfect sense for them to do so. Related article: Triaging open-source exposures. Finding a coding or design flaw on Windows OS can point the way to unauthorized access to a treasure trove of company networks that use Windows. The same holds true for probing widely used open source protocols, as occurred when Heartbleed and Shellshock came to light.

Infographic: List of data breaches in 2017

IT Governance

2017 was a big year for data breaches. Uber, Equifax and Yahoo all fell victim, and many small organisations also suffered a breach or cyber attack. When it comes to cyber threats, all types of organisations are at risk.

Perspective Check: Context is Everything in InfoGov

Weissman's World

If you’ve ever used Google to help you find a new infogov technology solution, then you know how every one you find, from every vendor you look at, seems like the answer to all your problems. Here’s how to figure out which one(s) work best in your context!

Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records

WIRED Threat Level

The leak may include data on hundreds of millions of Americans, with hundreds of details for each, from demographics to personal interests.

Google to Fix Location Data Leak in Google Home, Chromecast

Krebs on Security

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products.

Marketing Firm Exposes 340 Million Records on US Consumers

Data Breach Today

2 Terabyte Database Includes Up To 150 Fields With US Consumers' Data

A computer security researcher has discovered a vast marketing database containing 340 million records on U.S. consumers.

Mobile security advances to stopping device exploits — not just detecting malicious apps

The Last Watchdog

The most profound threat to corporate networks isn’t the latest, greatest malware. It’s carbon-based life forms. Humans tend to be gullible and impatient. With our affiliations and preferences put in play by search engines and social media, we’re perfect patsies for social engineering. And because we are slaves to convenience, we have a propensity for taking shortcuts when it comes to designing, configuring and using digital systems. Related article: Is your mobile device spying on you?

Real-life examples of social engineering – part 2

IT Governance

Last month, I published an article looking at two examples of the use of social engineering in everyday life. I’d like to continue the theme of that article by talking about three other social engineering attacks that caused great damage. Diamonds, diamonds, DIAMONDS.

Information Governance Conference 2018 Keynote Announced

JKevinParker

The Information Governance Conference, or InfoGovCon, is a fantastic event for information professionals run by my friends at the Information Coalition. This year's event, held September 25-28 in Providence, will mark InfoGovCon's 5th year.

North Korea Has Promised to Denuclearize Lots of Times Already

WIRED Threat Level

Donald Trump got out of Kim Jong Un a promise that North Korea has already made—and broken—multiple times.

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

Krebs on Security

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people, many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West.

Cryptocurrency Theft: $1.1 Billion Stolen in Last 6 Months

Data Breach Today

Exchanges Remain Prime Target; Easily Available Hacking Tools Aid Attackers

As bitcoin continues its massive price fluctuations, a new report says criminals have continued their push to get extortion and ransom payments in more stable cryptocurrencies.

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

Don’t look now but cryptojacking may be about to metastasize into the scourge of cloud services. Cryptojacking, as defined by the Federal Trade Commission, is the use of JavaScript code to capture cryptocurrencies in users’ browsers without asking permission. There’s a temptation to dismiss it as a mere nuisance; companies deep into ‘digital transformation,’ in particular, might be lulled into this sort of apathy. Related: Why cryptojacking is more insidious than ransomware.

How to prepare for a penetration test

IT Governance

Conducting a successful penetration test is a challenge for even the most experienced tester. It involves much more than simply running tools and probing systems.

[Guest Post] Infosecurity: 3 Industry Trends to Follow

AIIM

In light of recent events, we can all agree that information security has been criminally overlooked on some major fronts across most industries. Absolutely mind-boggling attacks on major corporations like Sony, Yahoo and Equifax have consecrated InfoSec in the most frightening way possible.

Inside Anduril, Palmer Luckey's Bid to Build A Border Wall

WIRED Threat Level

How the Oculus founder, along with ex-Palantir executives, plan to reinvent national security, starting with Trump's agenda.

AT&T, Sprint, Verizon to Stop Sharing Customer Location Data With Third Parties

Krebs on Security

In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, AT&T, Sprint and Verizon now say they are terminating location data sharing agreements with third parties.

Ticketmaster Breach Traces to Embedded Chatbot Software

Data Breach Today

Hacker Modified JavaScript Chatbot to Scrape Customers' Card Payment Details

Ticketmaster is warning customers that it suffered a data breach after an attacker modified its third-party chatbot software to steal customers' payment card details.

VASCO rebrands as OneSpan, makes acquisition, to support emerging mobile banking services

The Last Watchdog

Bank patrons in their 20s and 30s, who grew up blanketed with digital screens, have little interest in visiting a brick-and-mortar branch, nor interacting with a flesh-and-blood teller. This truism is pushing banks into uncharted territory. They are scrambling to invent and deliver a fresh portfolio of mobile banking services that appeal to millennials. Related articles: Hackers revamp tactics, target mobile wallets. This, of course, is a tall task.

GP practice fined £35K for failing to secure medical records

IT Governance

The Information Commissioner’s Office (ICO) has fined London surgery Bayswater Medical Centre (BMC) £35,000 after highly sensitive medical information was left unsecured in an empty building.

How to Stop DDoS Attacks: 6 Tips for Fighting DDoS Attacks

eSecurity Planet

Stopping a DDoS attack quickly is critical for the survival of your business. Here are six ways you can stop a DDoS attack.

The New Satellite Arms Race Threatening to Explode in Space

WIRED Threat Level

Trump’s call for a “Space Force” escalates a quiet, dangerous contest between the US, China, and Russia—one whose consequences no one really understands.

Supreme Court: Police Need Warrant for Mobile Location Data

Krebs on Security

The U.S. Supreme Court today ruled that the government needs to obtain a court-ordered warrant to gather location data on mobile device users.

EU Claims Kaspersky Lab Software 'Confirmed as Malicious'

Data Breach Today

In Response, Software Firm Pauses Work With Europol and 'No More Ransom' Portal

The anti-Kaspersky Lab rhetoric continues to heat up, with the European Parliament passing a motion that brands the Moscow-based firm's software as being "confirmed as malicious."

As 2-factor authentication falls short, ‘adaptive multi-factor authentication’ goes mainstream

The Last Watchdog

The use of an additional form of authentication to protect the accessing of a sensitive digital system has come a long way over the past decade and a half. Most individuals today are nonplussed when required, under certain circumstances, to retrieve a one-time passcode, pushed out in a text message to their smartphone, and then typing the passcode to gain access to a privileged account. Related: Why data science is the key to securing networks.

Cyber attacks hit a fifth of schools and colleges

IT Governance

One in five schools and colleges have fallen victim to cyber crime, according to research from the specialist insurer Ecclesiastical, yet the majority (74%) of educational establishments claim to be “fully prepared” to deal with such attacks.

Protecting Sensitive Company Data: How to Educate Employees

AIIM

The threat of a hack is greater than it ever has been before with technology now reaching all parts of the world and granting access to the internet uniformly.