Sat.Feb 02, 2019 - Fri.Feb 08, 2019

MY TAKE: Why Satya Nadella is wise to align with privacy advocates on regulating facial recognition

The Last Watchdog

We’re just a month and change into the new year, and already there have been two notable developments underscoring the fact that some big privacy and civil liberties questions need to be addressed before continuing the wide-scale deployment of advanced facial recognition systems. This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the Grand Chamber of the European Court of Human Rights.

Using Gmail "Dot Addresses" to Commit Fraud

Schneier on Security

In Gmail addresses, the dots don't matter. The account "bruceschneier@gmail.com" maps to the exact same address as "bruce.schneier@gmail.com" and "b.r.u.c.e.schneier@gmail.com" -- and so on. (Note: I own none of those addresses, if they are actually valid.)

Experts found popular beauty apps in the Play Store including malicious code

Security Affairs

Researchers at Trend Micro discovered at least 29 malicious photo editing and beauty apps that were able to perform several malicious activities.

Data Breach Reports in Europe Under GDPR Exceed 59,000

Data Breach Today

Netherlands, Germany and UK Have Logged the Most Data Breach Reports

Since the EU's GDPR went into full effect, European data protection authorities have received over 59,000 data breach reports, with the Netherlands, Germany and the U.K.

Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

Krebs on Security

A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week.

More Trending

Four Use Cases Proving the Benefits of Metadata-Driven Automation

erwin

Organizations cannot hope to make the most out of a data-driven strategy without at least some degree of metadata-driven automation. The volume and variety of data has snowballed, and so has its velocity.

Cottage Health Hit With $3 Million HIPAA Settlement

Data Breach Today

Latest in a Series of Substantial HHS Penalties for Violations

Federal regulators have hit a California-based healthcare provider with a $3 million HIPAA settlement related to two breaches involving misconfigured IT. It's the latest in a recent series of hefty penalties issued in HIPAA cases

Crooks Continue to Exploit GoDaddy Hole

Krebs on Security

Godaddy.com, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains.

Analyst’s view: OpenText named a leader

OpenText Information Management

OpenText™ is thrilled to be recognized by Gartner as a Leader in the 2018 Magic Quadrant for Web Content Management. In its annual review, Gartner evaluated 18 web content management vendors on objective criteria supported by customer references.

Ethical hacking: Why you should encourage attacks on your organisation

IT Governance

It sounds crazy to the uninitiated, but organisations across the globe pay people to break into their systems and find sensitive information. The reason they do this is simple: to catch a thief, you must think like one.

Failed Fraud Against UK Bank Abused Mobile Infrastructure

Data Breach Today

Fresh SS7 Fraud Highlights Ongoing Call Routing Weaknesses

A U.K. bank says no customers lost money after cyberattackers attempted account takeovers by rerouting one-time passcodes, Motherboard reports.

More Alleged SIM Swappers Face Justice

Krebs on Security

Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims.

There's No Good Reason to Trust Blockchain Technology

WIRED Threat Level

Opinion: Cryptocurrencies are useless. Blockchain solutions are frequently much worse than the systems they replace. Here's why.

Transform your security posture with cyber resilience

IT Governance

With organisations relying ever more on the Internet for accessibility and flexibility, the risks to their networks naturally increase. As a result, enterprising cyber criminals have never had it so easy.

Hack Attack Breaches Australian Parliament Network

Data Breach Today

No Signs of Data Theft; Password Resets Ordered

Hackers have breached the Australian Parliament's network, although investigators say they have found no evidence that attackers stole any data.

Introducing Intelligent Records Management Powered by AI

Gimmal

Records Management technology hasn’t always been at the forefront of technological innovation. Since records management systems and processes work best when coupled with an organization's current business processes, progress is dependent on the innovations within the workplace.

What Robert Mueller Knows—and Isn't Telling Us

WIRED Threat Level

The special counsel's indictments have so far stopped short of tying Trump and his associates to a broader conspiracy, blanks that will eventually get filled in.

GDPR: more popular than Beyoncé or Kim Kardashian

IT Governance

Fame is a fickle mistress. One minute your popularity seems insurmountable, you’re riding the crest of public opinion, you can gain the world’s attention with the slightest of efforts and everyone seems interested in your every utterance.

Apple Update: Drop Everything and Patch iOS

Data Breach Today

Zero Days Being Exploited; Apple Contributes to 'FacePalm' Bug Finder's Tuition

Apple has issued an iOS update that patches two flaws being exploited in the wild by attackers as well as the "FacePalm" bug in Group FaceTime.

Small Breaches Can Make Big News: How to Protect Your Organization

Adam Levin

A recent leak compromised the personal data of all 4,557 active students at the California State Polytechnic University Science School. This was not a case of hackers gaining access through illicit means or an accidental exposure of an unsecured database.

A third of companies are largely unprepared for cybersecurity attacks: eSecurity Planet Survey

eSecurity Planet

A third of companies are unprepared for some of the most damaging cyber attacks, such as APTs, insider threats, ransomware and DDoS attacks

Up to 4,000 affected by Mumsnet data breach

IT Governance

Mumsnet has disclosed a data breach that occurred during a software update between 5-7 February. A technical error meant that users who logged on simultaneously were directed to someone else’s account.

Fewer Breaches in 2018, But More Sensitive Data Spilled

Data Breach Today

Business and Healthcare Sectors Suffered Most US Breaches, ITRC Finds

In 2018, the Identity Theft Resource Center counted 1,244 U.S.

Expert publicly disclosed the existence of 0day flaw in macOS Mojave

Security Affairs

A zero-day vulnerability in macOS Mojave can be exploited by malware to steal plaintext passwords from the Keychain. The security expert Linus Henze has disclosed the existence of a zero-day vulnerability in macOS Mojave that can be exploited by malware to steal plaintext passwords from the Keychain.

Alaris to Showcase Information Capture Solutions for Healthcare at HIMSS19

Document Imaging Report

ROCHESTER, N.Y., February 7, 2019 – Alaris, a Kodak Alaris business, will showcase its award-winning solutions for automating document-based business processes at HIMSS19.

Over Half of Companies Are Upping Spending on IT Security: eSecurity Planet Survey

eSecurity Planet

Data breaches and new privacy regulations are prompting increased spending on IT security products and staff

Report: Nation-State Malware Attack Could Cripple US

Data Breach Today

Government, Industry Need to Work More Closely on Response Plans

Without improved coordination, the U.S.

Hacker who reported a flaw in Hungarian Magyar Telekom faces up to 8-years in jail

Security Affairs

Hungarian police arrested a young hacker because he discovered and exploited serious vulnerabilities in the systems of the Magyar Telekom. What are the risks for a hacker who decides to publicly disclose a vulnerability?

Nature and Nurture in Threat Modeling

Adam Shostack

Josh Corman opened a bit of a can of worms a day or two ago, asking on Twitter: “pls RT: who are the 3-5 best, most natural Threat Modeling minds? Esp for NonSecurity people. adamshostack is a given.” (Thanks!).

Capitalizing on Cloud and Modernization – Fascinating New Industry Report

Micro Focus

Digital Transformation – Must Modernize! Recent discussions around modernization as a smart IT transformation strategy suggest a strong market trend towards Modernization. Before we look at a new study, let’s remind ourselves why organizational transformation matters. Take a look at these three groups of companies and organizations. Group A: American Motors, Brown Shoe, Studebaker, Collins.

Memo: Nation-State Malware Attack Could Cripple US

Data Breach Today

Government, Industry Need to Work More Closely on Response Plans

Without improved coordination, the U.S. government and private companies could be caught flat-footed if malware or a worm hit a software supply chain.