Sat.Feb 02, 2019 - Fri.Feb 08, 2019

MY TAKE: Why Satya Nadella is wise to align with privacy advocates on regulating facial recognition

The Last Watchdog

We’re just a month and change into the new year, and already there have been two notable developments underscoring the fact that some big privacy and civil liberties questions need to be addressed before continuing the wide-scale deployment of advanced facial recognition systems. This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the Grand Chamber of the European Court of Human Rights.

Using Gmail "Dot Addresses" to Commit Fraud

Schneier on Security

In Gmail addresses, the dots don't matter. The account "bruceschneier@gmail.com" maps to the exact same address as "bruce.schneier@gmail.com" and "b.r.u.c.e.schneier@gmail.com" -- and so on. (Note: I own none of those addresses, if they are actually valid.)

Experts found popular beauty apps in the Play Store including malicious code

Security Affairs

Researchers at Trend Micro discovered at least 29 malicious photo editing and beauty apps that were able to perform several malicious activities.

Data Breach Reports in Europe Under GDPR Exceed 59,000

Data Breach Today

Netherlands, Germany and UK Have Logged the Most Data Breach Reports. Since the EU's GDPR went into full effect, European data protection authorities have received over 59,000 data breach reports, with the Netherlands, Germany and the U.K.

Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

Krebs on Security

A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week.

The IT Governance Cyber Resilience Framework: how it works

IT Governance

Cyber resilience is the ability to prepare for, respond to and recover from cyber attacks. It helps organisations protect themselves from cyber risks, defend against and limit the severity of attacks, and ensure that business operations continue to function.

More Trending

Cottage Health Hit With $3 Million HIPAA Settlement

Data Breach Today

Latest in a Series of Substantial HHS Penalties for Violations. Federal regulators have hit a California-based healthcare provider with a $3 million HIPAA settlement related to two breaches involving misconfigured IT. It's the latest in a recent series of hefty penalties issued in HIPAA cases

Crooks Continue to Exploit GoDaddy Hole

Krebs on Security

Godaddy.com, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains.

There's No Good Reason to Trust Blockchain Technology

WIRED Threat Level

Opinion: Cryptocurrencies are useless. Blockchain solutions are frequently much worse than the systems they replace. Here's why.

Android devices could be hacked by viewing a malicious PNG Image

Security Affairs

Apple Update: Drop Everything and Patch iOS

Data Breach Today

Zero Days Being Exploited; Apple Contributes to 'FacePalm' Bug Finder's Tuition. Apple has issued an iOS update that patches two flaws being exploited in the wild by attackers as well as the "FacePalm" bug in Group FaceTime.

More Alleged SIM Swappers Face Justice

Krebs on Security

Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims.

Ethical hacking: Why you should encourage attacks on your organisation

IT Governance

It sounds crazy to the uninitiated, but organisations across the globe pay people to break into their systems and find sensitive information. The reason they do this is simple: to catch a thief, you must think like one.

Hacker who reported a flaw in Hungarian Magyar Telekom faces up to 8 years in jail

Security Affairs

Hungarian police arrested a young hacker because he discovered and exploited serious vulnerabilities in the systems of Magyar Telekom. What are the risks for a hacker who decides to publicly disclose a vulnerability?

Failed Fraud Against UK Bank Abused Mobile Infrastructure

Data Breach Today

Fresh SS7 Fraud Highlights Ongoing Call Routing Weaknesses. A U.K. bank says no customers lost money after cyberattackers attempted account takeovers by rerouting one-time passcodes, Motherboard reports.

China's AI Strategy and its Security Implications

Schneier on Security

Gregory C. Allen at the Center for a New American Security has a new report with some interesting analysis and insights into China's AI strategy, commercial, government, and military. There are numerous security -- and national security -- implications

Transform your security posture with cyber resilience

IT Governance

With organisations relying ever more on the Internet for accessibility and flexibility, the risks to their networks naturally increase. As a result, enterprising cyber criminals have never had it so easy.

Ursnif: Long Live the Steganography and AtomBombing!

Security Affairs

Yoroi ZLab – Cybaze uncovered a new wave of Ursnif attacks using a variant that implements an exotic process injection technique called AtomBombing. Another wave of Ursnif attacks hits Italy. Ursnif is one of the most active banking trojans.

Hack Attack Breaches Australian Parliament Network

Data Breach Today

No Signs of Data Theft; Password Resets Ordered. Hackers have breached the Australian Parliament's network, although investigators say they have found no evidence that attackers stole any data.

Introducing Intelligent Records Management Powered by AI

Gimmal

Records Management technology hasn’t always been at the forefront of technological innovation. Since records management systems and processes work best when coupled with an organization's current business processes, progress is dependent on the innovations within the workplace.

GDPR: more popular than Beyoncé or Kim Kardashian

IT Governance

Fame is a fickle mistress. One minute your popularity seems insurmountable, you’re riding the crest of public opinion, you can gain the world’s attention with the slightest of efforts and everyone seems interested in your every utterance.

Severe bug in LibreOffice and OpenOffice suites allows remote code execution

Security Affairs

A security expert discovered a severe Remote Code Execution vulnerability in the popular LibreOffice and Apache OpenOffice.

Fewer Breaches in 2018, But More Sensitive Data Spilled

Data Breach Today

Business and Healthcare Sectors Suffered Most US Breaches, ITRC Finds. In 2018, the Identity Theft Resource Center counted 1,244 U.S.

Boards Now Face ‘the Encryption Question’

Thales Data Security

Tina Stewart, VP of Market Strategy. “So, what are we doing about encryption?” That’s a question you can expect to be tossed around in plenty of boardrooms in the coming months.

Up to 4,000 affected by Mumsnet data breach

IT Governance

Mumsnet has disclosed a data breach that occurred during a software update between 5-7 February. A technical error meant that users who logged on simultaneously were directed to someone else’s account.

Reverse RDP Attack – Rogue RDP Server can be used to hack RDP clients

Security Affairs

Researchers at Check Point Software Technologies have discovered more than two dozen vulnerabilities in the popular implementations of the remote desktop protocol (RDP).

Report: Nation-State Malware Attack Could Cripple US

Data Breach Today

Government, Industry Need to Work More Closely on Response Plans. Without improved coordination, the U.S.

A third of companies are largely unprepared for cybersecurity attacks: eSecurity Planet Survey

eSecurity Planet

A third of companies are unprepared for some of the most damaging cyber attacks, such as APTs, insider threats, ransomware and DDoS attacks

MacOS Zero-Day Exposes Apple Keychain Passwords

Threatpost

A researcher who discovered a flaw letting him steal passwords in MacOS is not sharing his findings with Apple without a macOS bug bounty program.

Security expert Marco Ramilli released for free the Malware Hunter tool

Security Affairs

Malware researcher Marco Ramilli released for free the Malware Hunter tool, a simple but interesting catching tool based on static YARA rules.

Memo: Nation-State Malware Attack Could Cripple US

Data Breach Today

Government, Industry Need to Work More Closely on Response Plans. Without improved coordination, the U.S. government and private companies could be caught flat-footed if malware or a worm hit a software supply chain.

Analyst’s view: OpenText named a leader

OpenText Information Management

OpenText™ is thrilled to be recognized by Gartner as a Leader in the 2018 Magic Quadrant for Web Content Management. In its annual review, Gartner evaluated 18 web content management vendors on objective criteria supported by customer references.

Small Breaches Can Make Big News: How to Protect Your Organization

Adam Levin

A recent leak compromised the personal data of all 4,557 active students at the California State Polytechnic University Science School. This was not a case of hackers gaining access through illicit means or an accidental exposure of an unsecured database.

Hackers broke into Australia’s Parliament Computer Network

Security Affairs

Australia’s parliament confirmed that it is investigating a suspicious security incident that affected its computer network. Australia announced an ongoing investigation into an unspecified ‘security incident’ in the federal parliament’s computer network.