Sat.Oct 20, 2018 - Fri.Oct 26, 2018

Where Is the Secret Spying Chip Reported by Bloomberg?

Data Breach Today

Chorus of Criticism Against China Spying Contention Reaches New High Where is the secret spying chip devised by China that Bloomberg reported had worked its way into at least 30 companies, including Amazon and Apple?

IT 228

Who Is Agent Tesla?

Krebs on Security

A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license the software.

Groups 177

5 tips to keep your data safe and secure

IT Governance

There is no escaping the threat of data breaches. Organisations are being warned about data breaches in the media, regulators are demanding improved information security and the public is getting more vocal when organisations make mistakes.

Tips 99

NEW TECH: Silverfort extends ‘adaptive multi-factor authentication’ via key partnerships

The Last Watchdog

Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Related: Why a ‘zero-trust’ approach to security is necessary.

Connecticut City Pays Ransom After Crypto-Locking Attack

Data Breach Today

Separately, a Water Utility Hit by Ryuk Ransomware Vows to Restore, Not Pay A tale of two different ransomware victims' responses: One Connecticut city says it had little choice but to pay a ransom to restore crypto-locked systems.

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Krebs on Security

The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. Combating such a multifarious menace can seem daunting, and it calls for concerted efforts to tackle the problem from many different angles. This post examines the work of a large, private group of volunteers dedicated to doing just that.

Groups 133

Experts presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol

Security Affairs

Security experts Antonio Pirozzi and Pierluigi Paganini presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol.

More Trending

Cathay Pacific Says 9.4 Million Affected by Data Breach

Data Breach Today

Airline's Five-Month Delay Before Public Disclosure Raises Concern Hong Kong-based airline Cathay Pacific says the personal details of 9.4 million passengers were inappropriately accessed in March, a breach the company confirmed in early May but publicly revealed on Wednesday.

Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks

Krebs on Security

The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University , his former alma mater. Paras Jha, in an undated photo from his former LinkedIn profile. Paras Jha, a 22-year-old computer whiz from Fanwood, N.J.,

IoT 130

DarkPulsar and other NSA hacking tools used in hacking operations in the wild

Security Affairs

Attackers are targeting high-value servers using a three of hacking tools from NSA arsenal, including DarkPulsar, that were leaked by the Shadow Brokers hacker group. The hackers used the powerful cyber weapons to compromise systems used in aerospace, nuclear energy, R&D, and other industries.

Are the Police using Smart-Home IoT Devices to Spy on People?

Schneier on Security

IoT devices are surveillance devices, and manufacturers generally use them to collect data on their customers.

IoT 110

Facebook Slammed With Maximum UK Privacy Fine

Data Breach Today

Failings Leading to Cambridge Analytica Scandal Earn Sharp Rebuke From Regulator Facebook has been slammed with the maximum possible fine under U.K.

How to claim compensation for a data protection breach

IT Governance

The EU GDPR (General Data Protection Regulation) has heralded a new era in which individuals have greater control over their personal data.

Experts released a free Decryption Tool for GandCrab ransomware

Security Affairs

Good news for the victims of the infamous GandCrab ransomware, security experts have created a decryption tool that allows them to decrypts files without paying the ransom.

OpenText STP Financial Hub revolutionizes workflows in the Financial Services sector

OpenText Information Management

British Airways Finds Hackers Stole More Payment Card Data

Data Breach Today

Investigators Now Count 565,000 Data Breach Victims British Airways has discovered that hackers compromised payment card data and personal details for 185,000 more customers than it had originally suspected and that its systems were first breached not in August, but April.

Life-threatening cyber attack inevitable

IT Governance

Last week, the NCSC (National Cyber Security Centre) released its second annual review , in which it warned that a life-threatening cyber attack will hit the UK in the near future.

Syrian victims of the GandCrab ransomware can decrypt their files for free

Security Affairs

The developers of the GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum. The authors of the infamous GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum.

OpenText trailblazers join top female tech leaders at the 2018 Grace Hopper Celebration

OpenText Information Management

Every year, a delegation of women from OpenText™ are hand selected by our executive team to attend the Grace Hopper Celebration of Women in Computing in the U.S.

Blog 92

Fresh GandCrab Decryptor Frees Data for Free

Data Breach Today

Crypto-Locking Ransomware Cracked Thanks to Gang's Shoddy Code Quality Good news for anyone whose data has been crypto-locked by attackers wielding GandCrab, the year's most aggressive strain of ransomware: You may be able to get your data back, thanks to a free decryptor

Android Ad-Fraud Scheme

Schneier on Security

BuzzFeed is reporting on a scheme where fraudsters buy legitimate Android apps, track users' behavior in order to mimic it in a way that evades bot detectors, and then uses bots to perpetuate an ad-fraud scheme.

Israel Defense Forces were searching systems to spy on private social media messages

Security Affairs

The Israel Defense Forces has bid to obtain spying systems that will allow monitoring of the private messages of social media users. Monitoring of social media platforms is a crucial activity for intelligence agencies, almost any government is working to gather intelligence for these systems.

How long do you have to report a data breach?

IT Governance

The first 72 hours after you become aware of a data breach are critical. This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. As you might expect, there are a lot of intricacies involved.

Feds Charge Russian With Midterm Election Interference

Data Breach Today

Project Lakhta' Allegedly Poured Millions Into Promoting Social Conflict A Russian national has been charged with coordinating a four-year campaign to spread divisive themes aimed at disrupting the U.S. political system.

211

I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming

WIRED Threat Level

Opinion: The fact that voter information is left on devices, unencrypted, that are then sold on the open market is malpractice. Security Opinion

FreeRTOS flaws expose millions of IoT devices to cyber attacks

Security Affairs

Researchers found that one of the most popular Internet of Things real-time operating system, FreeRTOS, is affected by serious vulnerabilities.

IoT 101

Department of Interior Updating Their Records Schedule

National Archives Records Express

Many of our readers may have seen recent items in the news media, social medi a or on listservs that make it seem like the Department of the Interior is making an unusual request to destroy Federal Records. We have been busily responding to inquiries about this schedu le from individuals and the press for a few days. Those of you who work in records management understand the records scheduling process, but to others, this process can seem mysterious.

Yahoo Class-Action Settlement: A $50 Million-Plus Sting

Data Breach Today

Victims Would Get Credit Monitoring, Reimbursement For ID Theft A proposed agreement that would end a class-action suit against Yahoo over devastating data breaches could see the company pay as much as $85 million.

Paper and the Case for Going Low-Tech in the Voting Booth

WIRED Threat Level

When considered as a form of tech, paper has a killer feature set: It’s intuitive, it doesn’t crash, and it doesn’t need a power source. Security

Paper 86

Cathay Pacific data breach affecting 9.4 million passengers

Security Affairs

Cathay Pacific Airways Limited, the flag carrier of Hong Kong, had suffered a major data leak affecting up to 9.4 million passengers. Cathay Pacific Airways Limited, the flag carrier of Hong Kong, admitted having suffered a major data leak affecting up to 9.4 million passengers.

The enemy within: three types of employees that cause data breaches

IT Governance

Negligent employees are the leading cause of data breaches at small and medium-sized businesses across North America and the UK, according to a recent study from Keeper Security. But what do these incidents really look like on the front line? IT Governance investigates.

Botnets Keep Brute-Forcing Internet of Things Devices

Data Breach Today

Shotgun Attacks Target Default Username/Password Combinations via Telnet Two years after Mirai botnets first appeared, security researchers say telnet-targeting botnets are attempting to compromise internet of things devices by pummeling them with 1,065 different username/password combinations.

It Started as an Online Gaming Prank. Then It Turned Deadly

WIRED Threat Level

wager on a "Call of Duty" match led to a fake 911 call reporting a violent hostage situation in Wichita. Here’s how it all went horribly awry. Security Backchannel

IT 85

Saudi Future Investment Initiative website defaced by the hackers

Security Affairs

Hackers defaced Future Investment Initiative (FII) website for a Saudi investment summit just a day before the three-day conference begins.

Major data leak at Cathay Pacific

IT Governance

Hong Kong-based airline Cathay Pacific has announced a major data breach affecting up to 9.4 million of its customers. The breach also affects Cathay’s regional airline, Cathay Dragon. What data has been compromised? The breach exposed a broad selection of data, including: names. nationalities.

Texas Retirement Agency Portal Breach Affects 1.25 Million

Data Breach Today

Coding Error Allowed Some Logged-In Members to View Others' Information A coding error in a portal of the Employee Retirement System of Texas inadvertently allowed some users to view the information of others, potentially exposing information on 1.25 million of its members.

IT 181

Effective change management for your digital evolution – Part 1

TAB OnRecord

A digital evolution is only as effective as the people behind it. This makes effective change management a key factor in any successful digital transformation. In this three-part post we will present six change management tips to help you meet challenges that may arise during your digital evolution.

Tips 78