January, 2019

article thumbnail

Cybercrime Gangs Advertise Fresh Jobs, Hacking Services

Data Breach Today

Offerings Abound on Darknet Forums; The Dark Overlord Seeks Multilingual Hackers Numerous cybercrime gangs continue to use darknet forums to seek fresh recruits, sell stolen data or advertise hacking services. One recent job listing from the data-leaking blackmail gang called The Dark Overlord sought technically proficient individuals who were fluent in Arabic, Chinese or German.

278
278
article thumbnail

The 4 stages of cyber resilience

IT Governance

Until recently, organisations often spent almost all of their information security budget on prevention, effectively taking an all-or-nothing approach to the threat of data breaches. They either repelled the attack or faced the consequences head-on. However, with data breaches becoming more common and varied, organisations have realised that it’s impossible to eradicate every risk.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Dirt-Cheap, Legit, Windows Software: Pick Two

Krebs on Security

Buying heavily discounted, popular software from second-hand sources online has always been something of an iffy security proposition. But purchasing steeply discounted licenses for cloud-based subscription products like recent versions of Microsoft Office can be an extremely risky transaction, mainly because you may not have full control over who has access to your data.

Passwords 244
article thumbnail

Microsoft Exchange zero-day and exploit could allow anyone to be an admin

Security Affairs

The security expert Dirk- jan Mollema with Fox-IT discovered a privilege escalation vulnerability in Microsoft Exchange that could be exploited by a user with a mailbox to become a Domain Admin. The experts described the attack scenario in a blog post and published a proof-of-concept code. “In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin.” wrot

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Eliminate the challenges of binding: Jamf Connect now integrates with Azure Active Directory

Jamf

Now with one username and password, organizations have the ability to provide users with a simple, unified authentication and account synchronization process — while still offering the best possible Apple experience. Read the full details.

Passwords 111

More Trending

article thumbnail

Is GDPR Compliance Tougher Than HIPAA Compliance?

Data Breach Today

Analysts: GDPR Case in Portugal Offers Lessons for U.S. Healthcare Entities An EU General Data Protection Regulation enforcement action against a hospital in Portugal demonstrates complying with GDPR may be even tougher than complying with HIPAA. Regulatory experts analyze the implications of the case.

GDPR 273
article thumbnail

Do you have a data breach response plan?

IT Governance

This blog has been updated to reflect industry updates. Originally published 6 August 2018. The EU GDPR (General Data Protection Regulation) requires organisations to respond to serious data breaches within 72 hours of detection. This places a significant burden on organisations: taking the appropriate measures to comply with the law while simultaneously dealing with the collateral impact of a breach is not a picnic!

article thumbnail

Apple Phone Phishing Scams Getting Better

Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legi

Phishing 278
article thumbnail

Dark Overlord hacking crew publishes first batch of confidential 9/11 files

Security Affairs

The Dark Overlord published the first batch of decryption keys for 650 confidential documents related to the 9/11 terrorist attacks. The Dark Overlord hacking group claims to have stolen a huge trove of documents from the British insurance company Hiscox, Hackers stole “hundreds of thousands of documents,” including tens of thousands files related to the 9/11 terrorist attacks.

Insurance 111
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

Hunton Privacy

On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers. The guidance focused, in particular, on such a scenario in the context of the EU General Data Protection Regulation (“GDPR”).

article thumbnail

'The goal is to automate us': welcome to the age of surveillance capitalism

The Guardian Data Protection

Shoshana Zuboff’s new book is a chilling exposé of the business model that underpins the digital world. Observer tech columnist John Naughton explains the importance of Zuboff’s work and asks the author 10 key questions We’re living through the most profound transformation in our information environment since Johannes Gutenberg’s invention of printing in circa 1439.

IT 109
article thumbnail

Cisco Studies Global Impact of GDPR

Data Breach Today

Cisco is out with findings from its 2019 Data Privacy Benchmark Study, which shows the impact of GDPR compliance as well as how customers are asking more questions about how their data is secured. Cisco Chief Privacy Officer Michelle Dennedy analyzes the survey.

GDPR 269
article thumbnail

70,000 affected in B&Q data breach

IT Governance

Home improvement retailer B&Q has suffered a data breach affecting 70,000 of its… well, not customers, exactly. The breached database contained a list of people who had been caught stealing products from B&Q stores. The document included the names of the offenders, the items they had stolen, the value of the goods and the stores they were taken from.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

How the U.S. Govt. Shutdown Harms Security

Krebs on Security

The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely to have serious repercussions for federal law enforcement agencies for years to come.

Security 252
article thumbnail

Rapid7 announced the release of Metasploit 5.0

Security Affairs

Rapid7 announced the release of Metasploit 5.0, the latest version of the popular penetration testing framework that promises to be very easy to use. Rapid7 announced the release of Metasploit 5.0 , the new version includes several new important features and, the company believes it will easier to use and more powerful. Most important changes introduced in the Metasploit 5.0 include new database and automation APIs, evasion modules and libraries, language support, improved performance.

Libraries 111
article thumbnail

Austrian DPA Issues Decision on Validity of Cookie Consent Solution

Hunton Privacy

On November 30, 2018, the Austrian Data Protection Authority (“DPA”) published a decision in response to a complaint received from an individual regarding the cookie consent options offered on an Austrian newspaper’s website. As a factual matter, the Austrian newspaper offered three options to individuals who sought to access content on the site: (1) accept the use of cookies for analytics and advertising purposes and have full, complimentary website access; (2) refuse cookies and obtain access

GDPR 108
article thumbnail

Leadership Behaviors

PerezBox

I have been given a lot of thought to Leadership lately. I have been placing special emphasis on the things I personally look for in Leaders. It doesn’t matter if. Read More. The post Leadership Behaviors appeared first on PerezBox.

IT 103
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Apple Rushes to Fix Serious FaceTime Eavesdropping Flaw

Data Breach Today

Callers Can Hear and See Recipients Before They Pick Up Apple is preparing a fix for a serious flaw in its FaceTime software for making audio and video calls. The software can be abused to remotely eavesdrop on and view a recipient, without their knowledge, even if they don't answer the call.

IT 260
article thumbnail

6 tools to help you prevent and respond to data breaches

IT Governance

There are few things organisations fear more than data breaches. They cause immediate delays, are expensive and could lead to long-term reputational damage. The stakes were raised with the enforcement of the EU GDPR (General Data Protection Regulation) in May 2018. It demands adequate security measures and has been widely publicised, as it has the potential to levy large fines against non-compliant organisations.

article thumbnail

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned.

article thumbnail

Hacktivist Martin Gottesfeld 10 years in prison for hospital cyberattack

Security Affairs

The American hacktivist Martin Gottesfeld (34) has been sentenced to 10 years in prison for carrying out DDoS attacks against two healthcare organizations in the US in 2014. The alleged Anonymous member, Martin Gottesfeld, was accused of launching DDoS attacks against the two US healthcare organizations in 2014, the Boston Children’s Hospital and the Wayside Youth and Family Support Network.

IT 105
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Revolut’s clumsy automated bank compliance results in frozen accounts and lack of customer service

Collaboration 2.0

The hand off of perceived account irregularities from Revolut’s AI driven compliance systems and algorithms to their support and partners is when the account freeze ups appear to start, and customers are suffering

article thumbnail

8 Cybersecurity Myths Debunked

Dark Reading

The last thing any business needs is a swarm of myths and misunderstandings seeding common and frequent errors organizations of all sizes make in safeguarding data and infrastructure.

article thumbnail

Government Shutdown: Experts Fear Deep Cybersecurity Impact

Data Breach Today

Readiness, Morale, Investigations and Recruitment at Risk as Standoff Persists The U.S. government shutdown is impacting agencies integral to the nation's cybersecurity readiness, and experts fear its long-term impact on the country's cyberattack response capabilities, as well as the risk that it will drive away desperately needed new cybersecurity talent from entering public service.

article thumbnail

Google fined £44 million in landmark GDPR ruling

IT Governance

Google has been fined €50 million (about £44 million) by CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation). . It’s by far the biggest fine related to the GDPR, which took effect in May 2018 and gave regulatory bodies much stronger disciplinary powers. . What did Google do wrong? . The CNIL concluded that Google had violated the GDPR in two ways.

GDPR 108
article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

Krebs on Security

Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. newspapers over the weekend.

Cloud 206
article thumbnail

Tens of thousands of hot tubs are exposed to hack

Security Affairs

Experts from security firm Pen Test Partners reported that tens of thousands of hot tubs are currently vulnerable to cyber attacks. Security experts at Pen Test Partners have discovered thousands of connected hot tubs vulnerable to remote cyber attacks. The hot tubs could be remotely controlled by an app, dubbed Balboa Water App, that lack of authentication mechanisms. “The mobile app connects to a Wi-Fi access point on the tub.

IoT 105
article thumbnail

One Man’s Obsessive Fight to Reclaim His Cambridge Analytica Data

WIRED Threat Level

David Carroll has been locked in a legal war to force the infamous company to turn over its files on him. He’s won a battle, but the struggle continues.

IT 107