February, 2020

NextMotion plastic surgery tech firm data leak

Security Affairs

Photos and personal information belonging to patients of the NextMotion plastic surgery tech firm have been exposed online through an unsecured S3 bucket.

WiFi: A New Way to Spread Emotet Malware

Data Breach Today

Researchers Say Trojan's Developers Devising Ways to Spread Trojan to More Devices Security researchers have found that the developers of the Emotet Trojan have created a new way to spread it to more victims - attackers are using unsecured WiFi networks as a way to deliver the malware to more devices.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

How a Hacker's Mom Broke Into a Prison—and the Warden's Computer

WIRED Threat Level

Security analyst John Strand had a contract to test a correctional facility’s defenses. He sent the best person for the job: his mother. Security Security / Cyberattacks and Hacks

How AI Is Tracking the Coronavirus Outbreak

WIRED Threat Level

Machine-learning programs are analyzing websites, news reports, and social media posts for signs of symptoms, such as fever or breathing problems. . Business Business / Artificial Intelligence Security

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

BEC Group Favors G-Suite, Physical Checks: Report

Data Breach Today

Agari Says 'Exaggerated Lion' Has Targeted Businesses Throughout US A business email compromise group targeting U.S. businesses is using G-Suite for their scams and collecting money through physical checks instead of wire transfers, according to the security firm Agari

More Trending

7 Tips to Improve Your Employees' Mobile Security

Dark Reading

Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them

Risk 81

MGM Data Breach Affects Over 10 Million Customers

Adam Levin

The personal information of over 10.6 million customers of MGM Resorts has been published online. MGM Resorts confirmed the leaked data as being the result of a data breach that occurred last year.

6 Truths About Disinformation Campaigns

Dark Reading

Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know

Ransomware Attacks Growing More Targeted and Professional

Data Breach Today

McAfee's John Fokker Charts the Increasingly Advanced Cybercrime Service Economy Ransomware-wielding attackers - aided by a service economy that gives them access to more advanced attack tools - are increasingly targeting organizations rather than individuals to shake them down for bigger ransom payoffs, says McAfee's John Fokker.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Hackers Were Inside Citrix for Five Months

Krebs on Security

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents.

Lawsuit Claims HIV Data Exposed in Leak

Data Breach Today

Legal Action Stems From Misconfigured Database at UW Medicine A lawsuit seeking class action status filed against UW Medicine in the wake of a data leak incident has been amended to reflect that at least one HIV patient allegedly had their data exposed.

New Mexico Sues Google Over Children's Privacy

Data Breach Today

State Alleges Data About Young Students Is Illegally Collected New Mexico is suing Google, alleging the company violates a federal child privacy law by collecting the personal data of students younger than age 13 without their parents' consent.

Plastic Surgery Database Exposed: Researchers

Data Breach Today

French Technology Firm's Database Was Unprotected, Report Says An unsecured database belonging to a French technology firm that supplies video and digital equipment to plastic surgery and determatology clinics exposed content on 900,000 patients, according to a report from two independent security researchers.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Olympics Could Face Disruption from Regional Powers

Dark Reading

Destructive attacks and disinformation will likely target the Summer Olympics in Tokyo, two groups of threat experts say


MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

Less than 48 hours after the killing of Iran’s General Qasem Soleimani, the U.S. Department of Homeland Security issued a bulletin calling out Iran’s “robust cyber program,” and cautioning everyone to be prepared for Iran to “conduct operations in the United States.”

Booter Boss Busted By Bacon Pizza Buy

Krebs on Security

A Pennsylvania man who operated one of the Internet’s longest-running online attack-for-hire or “booter” services was sentenced to five years probation today.

Why I Didn’t Join a Software Company

Weissman's World

If I heard it once, I heard it a dozen times since announcing my move to Valora Technologies the other week: “So, you’re going to work for a software company!” To which my response has been, “Kind of, but not really.”

IT 156

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

New Ransomware Targets Industrial Control Systems

Schneier on Security

EKANS is a new ransomware that targets industrial control systems: But EKANS also uses another trick to ratchet up the pain: It's designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems.

Cybersecurity Plan for 2020 US Election Unveiled

Data Breach Today

CISA Describes Its Role as Security Facilitator The U.S.

New Trickbot Delivery Method Focuses on Windows 10

Dark Reading

Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10


MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program.

Handling Huge Traffic Spikes with Azure Functions and Cloudflare

Troy Hunt

Back in 2016, I wrote a blog post about the Martin Lewis Money show featuring HIBP and how it drove an unprecedented spike of traffic to the service, ultimately knocking it offline for a brief period of time.

All versions of Apache Tomcat are affected by the Ghostcat flaw

Security Affairs

Ghostcat flaw affects all versions of Apache Tomcat and could be exploited by hackers to read configuration files or install backdoors on vulnerable servers.

GAO: Census Bureau Comes Up Short on Cybersecurity

Data Breach Today

With 2020 Census Slate to Start April 1, Bureau Still Has Work to Do The U.S. Census Bureau has not done enough to address cybersecurity issues in preparation for the 2020 census, which is slated to begin April, according to a new report from the Government Accountability Office

Firefox Enables DNS over HTTPS

Schneier on Security

This is good news : Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted.

NEW TECH: CyCognito employs offensive bot network to put companies a step a head of attackers

The Last Watchdog

When it comes to defending their networks, most companies have had it drilled into them, by now, that it’s essential to erect layered defenses.

FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data

Krebs on Security

The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data.

Firms Improve Threat Detection but Face Increasingly Disruptive Attacks

Dark Reading

In addition, more third parties are discovering the attacks rather than the companies themselves