January, 2020

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network.

Are Companies Adhering to CCPA Requirements?

Data Breach Today

Some Are Not Giving Customers Option to Opt out of Data Sale, Legal Experts Say Many companies that should be offering customers the ability to "opt out" of the sale of their information under the California Consumer Privacy Act are failing to do so because of the law's ambiguities, some legal experts say. CCPA went into effect Jan.

Sales 190

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GUEST ESSAY: Strategic tactics are key to a robust Cloud Security Posture Management regime

The Last Watchdog

A cyber strategy is a documented approach to handling various aspects of cyberspace. It is mostly developed to address the cybersecurity needs of an entity by focusing on how data, networks, technical systems, and people are protected. An effective cyber strategy is normally on par with the cybersecurity risk exposure of an entity. It covers all possible attack landscapes that can be targeted by malicious parties.

Cloud 167

Everything We Know About the Jeff Bezos Phone Hack

WIRED Threat Level

A UN report links the attack on Jeff Bezos' iPhone X directly to Saudi Arabian Crown Prince Mohammed bin Salman. Security Security / Cyberattacks and Hacks

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

Eliminate the Password, Eliminate the Password Problem.

The Security Ledger

Weak, stolen or reused passwords are the root of 8 in 10 data breaches. Fixing the data breach problem means abandoning passwords for something more secure. But what does passwordless authentication even look like?

More Trending

For Mismanaged SOCs, The Price Is Not Right

Dark Reading

New research finds security operations centers suffer high turnover and yield mediocre results for the investment they require

Wawa Breach May Have Affected More Than 30 Million Customers

Threatpost

Hefty collection of U.S. and international payment cards from the incident revealed in December found up for sale on dark-web marketplace Joker’s Stash. Breach Hacks Dark Web data breach Fraud fraud marketplace Gemini Advisory Hacking Joker’s Stash malware payment cards the home depot Wawa

Sales 96

Alarming Trend: More Ransomware Gangs Exfiltrating Data

Data Breach Today

Criminals Increasingly Leak Stolen Data to Force Bitcoin Payoff As if ransomware wasn't already bad enough, more gangs are now exfiltrating data from victims before leaving systems crypto-locked.

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

The Last Watchdog

Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Patch Tuesday, January 2020 Edition

Krebs on Security

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency.

The Difficulty of Disclosure, Surebet247 and the Streisand Effect

Troy Hunt

This is a blog post about disclosure, specifically the difficulty with doing it in a responsible fashion as the reporter whilst also ensuring the impacted organisation behaves responsibly themselves.

Top 10 Data Governance Trends for 2020: Data’s Real Value Comes Into Focus

erwin

Understanding the data governance trends for the year ahead will give business leaders and data professionals a competitive edge … Happy New Year! Regulatory compliance and data breaches have driven the data governance narrative during the past few years.

Texas School District Loses $2.3M to Phishing Attack

Dark Reading

The Manor Independent School District is investigating a phishing email scam that led to three separate fraudulent transactions

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Hackers Target European Energy Firm: Researchers

Data Breach Today

Report Says Group Tied to Iran Could Be Involved Hackers who may have ties to Iran have recently turned their attention to the European energy sector, using open source tools to target one firm's network as part of an cyberespionage operation, according to the security firm Recorded Future

MY TAKE: Why we should all now focus on restoring stability to US-Iran relations

The Last Watchdog

As tensions escalate between the U.S. and Iran it’s vital not to lose sight of how we arrived at this point. Related: We’re in the golden age of cyber spying Mainstream news outlets are hyper focused on the events of the past six days. A Dec.

Does Your Domain Have a Registry Lock?

Krebs on Security

If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it.

Technical Report of the Bezos Phone Hack

Schneier on Security

Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman.investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

5 Ways Data Modeling Is Critical to Data Governance

erwin

Enterprises are trying to manage data chaos. They might have 300 applications, with 50 different databases and a different schema for each one.

US-based children’s clothing maker Hanna Andersson discloses a data breach

Security Affairs

The US-based children’s clothing maker Hanna Andersson has disclosed a data breach that affected its customers. The US-based children’s clothing maker and online retailer Hanna Andersson discloses a data breach, attackers planted an e-skimmer on its e-commerce platform.

Analysis: Threat Posed by Pro-Iranian Hackers

Data Breach Today

Wiper Malware, Bank Disruptions Feature in Iran's Asymmetric Hacking Playbook Launching online attacks remains a potent tool in the Iranian government's geopolitical playbook. Security experts are urging U.S.

Mainframe Transformation awaits @SHARE in Texas

Micro Focus

As a native Texan, I am excited to help host this event in my backyard of Fort Worth, Texas, on February 23-28. A short drive to the venue beats a long flight hands down. Why ‘Cowtown’? Fort Worth got its nickname “Cowtown” in the 1800s as it became the center of the cattle drives, and. View Article.

IT 103

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password.

Customer Tracking at Ralphs Grocery Store

Schneier on Security

To comply with California's new data privacy law, companies that collect information on consumers and users are forced to be more transparent about it. Sometimes the results are creepy.

Kids and Code: Object Oriented Programming with Code Combat

Troy Hunt

Geez time flies. It's just a tad under 4 years ago that I wrote about teaching kids to code with code.org which is an amazing resource for young ones to start learning programming basics.

IT 101

NIST releases version 1.0 of the Privacy Framework

Security Affairs

The NIST released version 1.0 of Privacy Framework, it is a tool designed to help organizations to manage privacy risks. The National Institute of Standards and Technology (NIST) has published the release version 1.0 of its privacy framework.

Risk 101

UK Approves 'Limited' Role for Huawei in 5G Networks

Data Breach Today

British Government Snubs Trump Administration's Request to Ban Chinese Firm's Equipment The United Kingdom will allow "limited" use of equipment from China's Huawei for the nation's emerging 5G networks. After the Tuesday announcement, the White House and some U.S.

How to Keep Your Information Safe for Data Privacy Day 2020

Thales eSecurity

January 28, 2020 marks the 13th iteration of Data Privacy Day. An extension of the celebration for Data Protection Day in Europe, Data Privacy Day functions as the signature event of the National Cyber Security Centre’s ongoing education and awareness efforts surrounding online privacy.

Apple Addresses iPhone 11 Location Privacy Concern

Krebs on Security

Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month. Beta versions of iOS 13.3.1

Modern Mass Surveillance: Identify, Correlate, Discriminate

Schneier on Security

Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts (a statewide ban may follow).