Sat. Oct 20, 2018 - Fri. Oct 26, 2018

Where Is the Secret Spying Chip Reported by Bloomberg?

Data Breach Today

Chorus of Criticism Against China Spying Contention Reaches New High

Where is the secret spying chip devised by China that Bloomberg reported had worked its way into at least 30 companies, including Amazon and Apple?

Who Is Agent Tesla?

Krebs on Security

A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license the software.

5 tips to keep your data safe and secure

IT Governance

There is no escaping the threat of data breaches. Organisations are being warned about data breaches in the media, regulators are demanding improved information security and the public is getting more vocal when organisations make mistakes.

NEW TECH: Silverfort extends ‘adaptive multi-factor authentication’ via key partnerships

The Last Watchdog

Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings.

Connecticut City Pays Ransom After Crypto-Locking Attack

Data Breach Today

Separately, a Water Utility Hit by Ryuk Ransomware Vows to Restore, Not Pay

A tale of two different ransomware victims' responses: One Connecticut city says it had little choice but to pay a ransom to restore crypto-locked systems.

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

Krebs on Security

The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. Combating such a multifarious menace can seem daunting, and it calls for concerted efforts to tackle the problem from many different angles. This post examines the work of a large, private group of volunteers dedicated to doing just that.

How long do you have to report a data breach?

IT Governance

The first 72 hours after you become aware of a data breach are critical. This is the deadline given to you under the EU GDPR (General Data Protection Regulation) to report information security incidents to your supervisory authority. As you might expect, there are a lot of intricacies involved.

Cathay Pacific Says 9.4 Million Affected by Data Breach

Data Breach Today

Airline's Five-Month Delay Before Public Disclosure Raises Concern

Hong Kong-based airline Cathay Pacific says the personal details of 9.4 million passengers were inappropriately accessed in March, a breach the company confirmed in early May but publicly revealed on Wednesday.

Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks

Krebs on Security

The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University, his former alma mater. Paras Jha, a 22-year-old computer whiz from Fanwood, N.J.,

DarkPulsar and other NSA hacking tools used in hacking operations in the wild

Security Affairs

Attackers are targeting high-value servers using three hacking tools from the NSA arsenal, including DarkPulsar, that were leaked by the Shadow Brokers hacker group. The hackers used the powerful cyber weapons to compromise systems used in aerospace, nuclear energy, R&D, and other industries.

Are the Police using Smart-Home IoT Devices to Spy on People?

Schneier on Security

IoT devices are surveillance devices, and manufacturers generally use them to collect data on their customers.

Facebook Slammed With Maximum UK Privacy Fine

Data Breach Today

Failings Leading to Cambridge Analytica Scandal Earn Sharp Rebuke From Regulator

Facebook has been slammed with the maximum possible fine under U.K.

How to claim compensation for a data protection breach

IT Governance

The EU GDPR (General Data Protection Regulation) has heralded a new era in which individuals have greater control over their personal data.

Experts released a free Decryption Tool for GandCrab ransomware

Security Affairs

Good news for the victims of the infamous GandCrab ransomware: security experts have created a decryption tool that allows them to decrypt files without paying the ransom.

China's Hacking of the Border Gateway Protocol

Schneier on Security

This is a long -- and somewhat technical -- paper by Chris C. Demchak and Yuval Shavitt about China's repeated hacking of the Internet Border Gateway Protocol (BGP): "China's Maxim - Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking."

Fresh GandCrab Decryptor Frees Data for Free

Data Breach Today

Crypto-Locking Ransomware Cracked Thanks to Gang's Shoddy Code Quality

Good news for anyone whose data has been crypto-locked by attackers wielding GandCrab, the year's most aggressive strain of ransomware: You may be able to get your data back, thanks to a free decryptor

Life-threatening cyber attack inevitable

IT Governance

Last week, the NCSC (National Cyber Security Centre) released its second annual review, in which it warned that a life-threatening cyber attack will hit the UK in the near future.

Syrian victims of the GandCrab ransomware can decrypt their files for free

Security Affairs

The developers of the GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum.

OpenText STP Financial Hub revolutionizes workflows in the Financial Services sector

OpenText Information Management

British Airways Finds Hackers Stole More Payment Card Data

Data Breach Today

Investigators Now Count 565,000 Data Breach Victims

British Airways has discovered that hackers compromised payment card data and personal details for 185,000 more customers than it had originally suspected and that its systems were first breached not in August, but April.

I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming

WIRED Threat Level

Opinion: The fact that voter information is left on devices, unencrypted, that are then sold on the open market is malpractice.

FreeRTOS flaws expose millions of IoT devices to cyber attacks

Security Affairs

Researchers found that one of the most popular Internet of Things real-time operating systems, FreeRTOS, is affected by serious vulnerabilities.

OpenText trailblazers join top female tech leaders at the 2018 Grace Hopper Celebration

OpenText Information Management

Every year, a delegation of women from OpenText™ are hand selected by our executive team to attend the Grace Hopper Celebration of Women in Computing in the U.S.

Feds Charge Russian With Midterm Election Interference

Data Breach Today

'Project Lakhta' Allegedly Poured Millions Into Promoting Social Conflict

A Russian national has been charged with coordinating a four-year campaign to spread divisive themes aimed at disrupting the U.S. political system.

Department of Interior Updating Their Records Schedule

National Archives Records Express

Many of our readers may have seen recent items in the news media, social media or on listservs that make it seem like the Department of the Interior is making an unusual request to destroy Federal Records. We have been busily responding to inquiries about this schedule from individuals and the press for a few days. Those of you who work in records management understand the records scheduling process, but to others, this process can seem mysterious.

Message Decryption Key for Signal Desktop application stored in plain text

Security Affairs

The reverse engineer Nathaniel Suchy discovered that the Signal Desktop application leaves the message decryption key in plain text, potentially exposing it to an attacker.

It Started as an Online Gaming Prank. Then It Turned Deadly

WIRED Threat Level

wager on a "Call of Duty" match led to a fake 911 call reporting a violent hostage situation in Wichita. Here’s how it all went horribly awry.

Botnets Keep Brute-Forcing Internet of Things Devices

Data Breach Today

Shotgun Attacks Target Default Username/Password Combinations via Telnet

Two years after Mirai botnets first appeared, security researchers say telnet-targeting botnets are attempting to compromise internet of things devices by pummeling them with 1,065 different username/password combinations.

Non-Human Resources for the HR Professional: Harnessing the Data

InfoGoTo

Can you pinpoint the most important aspect of your professional skill set? From analyzing data to understanding key applications, you’re constantly juggling the growing demands of your career. HR professionals experience this concern on a grand scale.

Saudi Future Investment Initiative website defaced by the hackers

Security Affairs

Hackers defaced the Future Investment Initiative (FII) website for a Saudi investment summit just a day before the three-day conference begins.

Paper and the Case for Going Low-Tech in the Voting Booth

WIRED Threat Level

When considered as a form of tech, paper has a killer feature set: It’s intuitive, it doesn’t crash, and it doesn’t need a power source.

Yahoo Class-Action Settlement: A $50 Million-Plus Sting

Data Breach Today

Victims Would Get Credit Monitoring, Reimbursement For ID Theft

A proposed agreement that would end a class-action suit against Yahoo over devastating data breaches could see the company pay as much as $85 million.

The enemy within: three types of employees that cause data breaches

IT Governance

Negligent employees are the leading cause of data breaches at small and medium-sized businesses across North America and the UK, according to a recent study from Keeper Security. But what do these incidents really look like on the front line? IT Governance investigates.

Israel Defense Forces were searching systems to spy on private social media messages

Security Affairs

The Israel Defense Forces has bid to obtain spying systems that will allow monitoring of the private messages of social media users. Monitoring of social media platforms is a crucial activity for intelligence agencies; almost any government is working to gather intelligence for these systems.