January, 2019

Cybercrime Gangs Advertise Fresh Jobs, Hacking Services

Data Breach Today

Offerings Abound on Darknet Forums; The Dark Overlord Seeks Multilingual Hackers Numerous cybercrime gangs continue to use darknet forums to seek fresh recruits, sell stolen data or advertise hacking services.

Data 284

The 4 stages of cyber resilience

IT Governance

Until recently, organisations often spent almost all of their information security budget on prevention, effectively taking an all-or-nothing approach to the threat of data breaches. They either repelled the attack or faced the consequences head-on.

GDPR 100

Dirt-Cheap, Legit, Windows Software: Pick Two

Krebs on Security

Buying heavily discounted, popular software from second-hand sources online has always been something of an iffy security proposition.

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

Would you back out of a driveway without first buckling up, checking the rear view mirror and glancing behind to double check that the way is clear? Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car.

Start Your Information Journey With A Step Backwards

Weissman's World

You say you’re tired of not being able to find the information you’re looking for. You say you’re concerned the information you do find is reliable. You say you’re worried about security breaches. And you say you’re ready to do something about it.

Groups 181

Microsoft Exchange zero-day and exploit could allow anyone to be an admin

Security Affairs

The security expert Dirk- jan Mollema with Fox-IT discovered a privilege escalation vulnerability in Microsoft Exchange that could be exploited by a user with a mailbox to become a Domain Admin. The experts described the attack scenario in a blog post and published a proof-of-concept code.

More Trending

70,000 affected in B&Q data breach

IT Governance

Home improvement retailer B&Q has suffered a data breach affecting 70,000 of its… well, not customers, exactly. The breached database contained a list of people who had been caught stealing products from B&Q stores.

Apple Phone Phishing Scams Getting Better

Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company.

Port Covington, MD re-emerges as ‘CyberTown, USA’ — ground zero for cybersecurity research

The Last Watchdog

When CyberTown, USA is fully built out, it’s backers envision it emerging as the world’s premier technology hub for cybersecurity and data science. DataTribe , a Fulton, MD-based cybersecurity startup incubator, has been a key backer of this ambitious urban redevelopment project , which broke ground last October in Port Covington, MD, once a bustling train stop on the south side of Baltimore.

One Man’s Obsessive Fight to Reclaim His Cambridge Analytica Data

WIRED Threat Level

David Carroll has been locked in a legal war to force the infamous company to turn over its files on him. He’s won a battle, but the struggle continues. Backchannel Security

IT 106

Using steganography to obfuscate PDF exploits

Security Affairs

Experts discovered PDF exploit that was using steganography to hide malicious JavaScript code in images embedded in PDF files. The exploit analysis firm EdgeSpot recently discovered PDF exploit that was using steganography to hide malicious JavaScript code in images embedded in PDF files.

Apple Rushes to Fix Serious FaceTime Eavesdropping Flaw

Data Breach Today

Callers Can Hear and See Recipients Before They Pick Up Apple is preparing a fix for a serious flaw in its FaceTime software for making audio and video calls. The software can be abused to remotely eavesdrop on and view a recipient, without their knowledge, even if they don't answer the call

Video 259

Predictions 2019: Stay Stoney, My Friends.

John Battelle's Searchblog

If predictions are like baseball, I’m bound to have a bad year in 2019, given how well things went the last time around.

How the U.S. Govt. Shutdown Harms Security

Krebs on Security

The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents.

Q&A: Why emerging IoT platforms require the same leading-edge security as industrial controls

The Last Watchdog

The heyday of traditional corporate IT networks has come and gone. In 2019, and moving ahead, look for legacy IT business networks to increasingly intersect with a new class of networks dedicated to controlling the operations of a IoT-enabled services of all types, including smart buildings, IoT-enabled healthcare services and driverless cars. Related: Why the golden age of cyber espionage is upon us.

IoT 144

Government Shutdown Leaves Americans More Vulnerable to Identity Theft, Scams

Adam Levin

citizens are more vulnerable to the effects of identity theft and scams as a result of the ongoing government shutdown.

Anatova ransomware – Expert believe it will be a dangerous threat

Security Affairs

Security experts at McAfee have discovered a new malware, dubbed Anatova ransomware, that has been spotted infecting computers worldwide. The name Anatova is based on a name in the ransom note that is dropped on the infected systems.

Airline Booking System Exposed Passenger Details

Data Breach Today

Do you have a data breach response plan?

IT Governance

This blog has been updated to reflect industry updates. Originally published 6 August 2018. The EU GDPR (General Data Protection Regulation) requires organisations to respond to serious data breaches within 72 hours of detection.

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

GUEST ESSAY: Why the hack of South Korea’s weapons, munitions systems was so predictable

The Last Watchdog

The disclosure that malicious intruders hacked the computer systems of the South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces is not much of a surprise. The breach of some 30 computers of South Korea’s Defense Acquisition Program Administration (DAPA), which is part of the Ministry of National Defense, reportedly occurred last October.

Perspective Check – Anticipation 2019

Weissman's World

It’s 2019, and Steve Weissman anticipates and addresses a number of key themes for the new year: 0:44 – Metadata and database fields: ‘labels’ as the keys to … everything! 1:38 – AI and machine learning: not the same things, no matter what the marketing says 3:24 – RPA: simply workflow by another name? 4:08 […]. The post Perspective Check – Anticipation 2019 appeared first on Holly Group.

Researchers published the PoC exploit code for Linux SystemD bugs

Security Affairs

Security researchers at the security firm Capsule8 have published exploit code for the vulnerabilities in Linux systemD disclosed in January. Security researchers at the security firm Capsule8 have published exploit code for the vulnerabilities in Linux systemD disclosed in January.

Government Shutdown: Experts Fear Deep Cybersecurity Impact

Data Breach Today

Readiness, Morale, Investigations and Recruitment at Risk as Standoff Persists The U.S.

Google fined £44 million in landmark GDPR ruling

IT Governance

Google has been fined €50 million (about £44 million) by CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation). .

GDPR 103

“Stole $24 Million But Still Can’t Keep a Friend”

Krebs on Security

Unsettling new claims have emerged about Nicholas Truglia , a 21-year-old Manhattan resident accused of hijacking cell phone accounts to steal tens of millions of dollars in cryptocurrencies from victims.

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

The Last Watchdog

Malicious intruders have long recognized that getting their hands on privileged credentials equates to possessing the keys to the kingdom. This is because privileged accounts are widely deployed all across modern business networks — on-premises, in the cloud, across DevOps environments and on endpoints. Related: California enacts pioneering privacy law.

Access 129

Machine Learning to Detect Software Vulnerabilities

Schneier on Security

No one doubts that artificial intelligence (AI) and machine learning (ML) will transform cybersecurity. We just don't know how , or when.

Unpatched Cisco critical flaw CVE-2018-15439 exposes small Business Networks to hack

Security Affairs

Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device.

Feds Urge Private Sector 'Shields Up' Against Hackers

Data Breach Today

Trump Administration Warns of Economic Espionage Risk From China, Russia, Iran The Trump administration has launched a public awareness campaign, spearheaded by the National Counterintelligence and Security Center, urging the U.S.

Risk 236

6 tools to help you prevent and respond to data breaches

IT Governance

There are few things organisations fear more than data breaches. They cause immediate delays, are expensive and could lead to long-term reputational damage. The stakes were raised with the enforcement of the EU GDPR (General Data Protection Regulation) in May 2018.

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

Krebs on Security

Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned.

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

Late last year, Atrium Health disclosed it lost sensitive data for some 2.65 million patients when hackers gained unauthorized access to databases operated by a third-party billing vendor.

Tools 125

Trojans and Spyware Are Making a Comeback

Adam Levin

Trojan horse-based malware attacks and spyware rose sharply in 2018 as ransomware-based attacks declined, according to a new report published by Malwarebytes.