October, 2019

Malware Most Foul: Emotet, Trickbot, Cryptocurrency Miners

Data Breach Today

Researchers: Targeted Crime Attacks Surge, Continue to Blend With Nation-State Campaigns Banking Trojans and cryptocurrency mining malware continue to be among the most-seen types of malicious code used for nontargeted attacks.

Mining 239

SHARED INTEL: What it takes to preserve business continuity, recover quickly from a cyber disaster

The Last Watchdog

To pay or not to pay? That’s the dilemma hundreds of organizations caught in the continuing surge of crippling ransomware attacks have faced. Related: How ransomware became such a scourge The FBI discourages it, as you might have guessed. What’s more, the U.S.

7 Cybersecurity Threats That Can Sneak Up on You

WIRED Threat Level

From rogue USB sticks to Chrome extensions gone wild, here is a quick guide to some basic risks you should look out for. Security Security / Security Advice

Risk 114

When Improving Processes, Anticipate Circumstances Beyond Your Control

Weissman's World

We spend a lot of time advocating for process improvement everywhere we can – the proven thinking being that even the best information available loses value if it can’t be effectively shared and leveraged.

IT 197

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Zynga's Breach Notification: How to Not Inform Victims

Data Breach Today

Don't Blame Us, Blame Hackers, Mobile Gaming Giant Says "Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes.

More Trending

We need to talk about Go

Thales eSecurity

I love the Go programming language. It’s easy to use, concise and powerful. These characteristics appeal to the typical programmer’s mindset. Yet, the brevity of the language can be a source of frustration.

MY TAKE: CASBs help companies meet ‘shared responsibility’ for complex, rising cloud risks

The Last Watchdog

Cloud Access Security Brokers – aka “caz-bees” — have come a long way in a short time. CASBs, a term coined by tech industry consultancy Gartner, first cropped about seven years ago to help organizations enforce security and governance policies as they commenced, in earnest, their march into the cloud.

Risk 162

sudo flaw allows any users to run commands as Root on Linux

Security Affairs

Experts discovered a security policy bypass issue in the Sudo utility that is installed as a command on almost every Linux and Unix system. The Sudo utility that is installed as a command on almost every Linux and Unix system is affected by a security policy bypass issue tracked as CVE-2019-14287.

Factoring 2048-bit Numbers Using 20 Million Qubits

Schneier on Security

This theoretical paper shows how to factor 2048-bit RSA moduli with a 20-million qubit quantum computer in eight hours. It's interesting work, but I don't want overstate the risk.

Paper 114

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Unpatched VPN Servers Targeted by Nation-State Attackers

Data Breach Today

Breaches at NetworkSolutions, Register.com, and Web.com

Krebs on Security

Top domain name registrars NetworkSolutions.com , Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. A notice to customers at notice.web.com.

Own Your Cloud Security

Thales eSecurity

It’s hard to believe it’s mid-October. Along with autumn, comes National Cybersecurity Awareness Month (NCSAM). The NCSAM 2019 focuses on personal accountability. Driven through mass public engagement, the ‘Own IT. Secure. Protect IT.’

Cloud 119

MY TAKE: The case for assessing, quantifying risks as the first step to defending network breaches

The Last Watchdog

It’s clear that managed security services providers (MSSPs) have a ripe opportunity to step into the gap and help small- to medium-sized businesses (SMBs) and small- to medium-sized enterprises (SMEs) meet the daunting challenge of preserving the privacy and security of sensitive data.

Risk 163

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

SIM cards used in 29 countries are vulnerable to Simjacker attack

Security Affairs

Security researchers at Adaptive Mobile who discovered the SimJacker issue have published the list of countries where mobile operators use flawed SIM cards.

Paper 114

Cracking the Passwords of Early Internet Pioneers

Schneier on Security

Lots of them weren't very good : BSD co-inventor Dennis Ritchie, for instance, used "dmac" (his middle name was MacAlistair); Stephen R.

How Cybercriminals Continue to Innovate

Data Breach Today

Europol Report: Ransomware, DDoS, Business Email Compromises Are Persistent Threats Online attack threats continue to intensify, with criminals preferring ransomware, DDoS attacks and business email compromises, warns Europol, the EU's law enforcement intelligence agency.

Takeaways from the $566M BriansClub Breach

Krebs on Security

Reporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths.

Sales 130

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

The MacOS Catalina Privacy and Security Features You Should Know

WIRED Threat Level

The latest macOS update is chock-full of ways to better safeguard your data. Security Security / Security Advice

SHARED INTEL: Threat actors add a human touch to boost effectiveness of automated attacks

The Last Watchdog

Trends in fashion and entertainment come and go. The same holds true for the cyber underground.

Researchers released a free decryptor for the Nemty Ransomware

Security Affairs

Good news for the victims of the Nemty Ransomware , security researchers have released a free decryptor that could be used to recover files.

Wi-Fi Hotspot Tracking

Schneier on Security

Free Wi-Fi hotspots can track your location , even if you don't connect to them. This is because your phone or computer broadcasts a unique MAC address.

FBI: Cybercriminals Are Bypassing Multifactor Authentication

Data Breach Today

Threat Actors Using Social Engineering, Other Technical Techniques to Circumvent MFA Protections The FBI is warning banks, businesses and other organizations that cybercriminals are using social engineering and other technical techniques to circumvent multifactor authentication security protections

Cachet Financial Reeling from MyPayrollHR Fraud

Krebs on Security

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

WIRED Threat Level

A new proof-of-concept hardware implant shows how easy it may be to hide malicious chips inside IT equipment. Security Security / Cyberattacks and Hacks

IT 114

NEW TECH: Human operatives maintain personas, prowl the Dark Net for intel to help companies

The Last Watchdog

It seems like any discussion of cybersecurity these days invariably circles back to automation. Our growing fixation with leveraging artificial intelligence to extract profits from Big Data – for both constructive and criminal ends—is the order of the day.

D-Link router models affected by remote code execution issue that will not be fixed

Security Affairs

Researchers at Fortinet’s FortiGuard Labs have publicly disclosed a critical remote code execution vulnerability affecting some models of D-Link routers. Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920.

Illegal Data Center Hidden in Former NATO Bunker

Schneier on Security

Interesting : German investigators said Friday they have shut down a data processing center installed in a former NATO bunker that hosted sites dealing in drugs and other illegal activities. Seven people were arrested. [.].