Sat.Feb 02, 2019 - Fri.Feb 08, 2019

MY TAKE: Why Satya Nadella is wise to align with privacy advocates on regulating facial recognition

The Last Watchdog

We’re just a month and change into the new year, and already there have been two notable developments underscoring the fact that some big privacy and civil liberties questions need to be addressed before continuing the wide-scale deployment of advanced facial recognition systems. This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the Grand Chamber of the European Court of Human Rights.

Using Gmail "Dot Addresses" to Commit Fraud

Schneier on Security

In Gmail addresses, the dots don't matter. The account "bruceschneier@gmail.com" maps to the exact same address as "bruce.schneier@gmail.com" and "b.r.u.c.e.schneier@gmail.com" -- and so on. (Note: I own none of those addresses, if they are actually valid.)

Experts found popular beauty apps in the Play Store including malicious code

Security Affairs

Researchers at Trend Micro discovered at least 29 malicious photo editing and beauty apps that were able to perform several malicious activities.

Data Breach Reports in Europe Under GDPR Exceed 59,000

Data Breach Today

Netherlands, Germany and UK Have Logged the Most Data Breach Reports

Since the EU's GDPR went into full effect, European data protection authorities have received over 59,000 data breach reports, with the Netherlands, Germany and the U.K.

Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

Krebs on Security

A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week.

The IT Governance Cyber Resilience Framework: how it works

IT Governance

Cyber resilience is the ability to prepare for, respond to and recover from cyber attacks. It helps organisations protect themselves from cyber risks, defend against and limit the severity of attacks, and ensure that business operations continue to function.

More Trending

Cottage Health Hit With $3 Million HIPAA Settlement

Data Breach Today

Latest in a Series of Substantial HHS Penalties for Violations

Federal regulators have hit a California-based healthcare provider with a $3 million HIPAA settlement related to two breaches involving misconfigured IT. It's the latest in a recent series of hefty penalties issued in HIPAA cases

Crooks Continue to Exploit GoDaddy Hole

Krebs on Security

Godaddy.com, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains.

Analyst’s view: OpenText named a leader

OpenText Information Management

OpenText™ is thrilled to be recognized by Gartner as a Leader in the 2018 Magic Quadrant for Web Content Management. In its annual review, Gartner evaluated 18 web content management vendors on objective criteria supported by customer references.

Expert publicly disclosed the existence of 0day flaw in macOS Mojave

Security Affairs

A zero-day vulnerability in macOS Mojave can be exploited by malware to steal plaintext passwords from the Keychain. The security expert Linus Henze has disclosed the existence of a zero-day vulnerability in macOS Mojave that can be exploited by malware to steal plaintext passwords from the Keychain.

Failed Fraud Against UK Bank Abused Mobile Infrastructure

Data Breach Today

Fresh SS7 Fraud Highlights Ongoing Call Routing Weaknesses

A U.K. bank says no customers lost money after cyberattackers attempted account takeovers by rerouting one-time passcodes, Motherboard reports.

More Alleged SIM Swappers Face Justice

Krebs on Security

Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims.

There's No Good Reason to Trust Blockchain Technology

WIRED Threat Level

Opinion: Cryptocurrencies are useless. Blockchain solutions are frequently much worse than the systems they replace. Here's why.

Hacker who reported a flaw in Hungarian Magyar Telekom faces up to 8-years in jail

Security Affairs

Hungarian police arrested a young hacker because he discovered and exploited serious vulnerabilities in the systems of Magyar Telekom. What are the risks for a hacker who decides to publicly disclose a vulnerability?

Hack Attack Breaches Australian Parliament Network

Data Breach Today

No Signs of Data Theft; Password Resets Ordered

Hackers have breached the Australian Parliament's network, although investigators say they have found no evidence that attackers stole any data.

Ethical hacking: Why you should encourage attacks on your organisation

IT Governance

It sounds crazy to the uninitiated, but organisations across the globe pay people to break into their systems and find sensitive information. The reason they do this is simple: to catch a thief, you must think like one.

What Robert Mueller Knows—and Isn't Telling Us

WIRED Threat Level

The special counsel's indictments have so far stopped short of tying Trump and his associates to a broader conspiracy, blanks that will eventually get filled in.

Severe bug in LibreOffice and OpenOffice suites allows remote code execution

Security Affairs

A security expert discovered a severe Remote Code Execution vulnerability in the popular LibreOffice and Apache OpenOffice.

Apple Update: Drop Everything and Patch iOS

Data Breach Today

Zero Days Being Exploited; Apple Contributes to 'FacePalm' Bug Finder's Tuition

Apple has issued an iOS update that patches two flaws being exploited in the wild by attackers as well as the "FacePalm" bug in Group FaceTime.

Transform your security posture with cyber resilience

IT Governance

With organisations relying ever more on the Internet for accessibility and flexibility, the risks to their networks naturally increase. As a result, enterprising cyber criminals have never had it so easy.

Introducing Intelligent Records Management Powered by AI

Gimmal

Records Management technology hasn’t always been at the forefront of technological innovation. Since records management systems and processes work best when coupled with an organization's current business processes, progress is dependent on the innovations within the workplace.

Reverse RDP Attack – Rogue RDP Server can be used to hack RDP clients

Security Affairs

Researchers at Check Point Software Technologies have discovered more than two dozen vulnerabilities in the popular implementations of the remote desktop protocol (RDP).

Fewer Breaches in 2018, But More Sensitive Data Spilled

Data Breach Today

Business and Healthcare Sectors Suffered Most US Breaches, ITRC Finds

In 2018, the Identity Theft Resource Center counted 1,244 U.S.

Four Use Cases Proving the Benefits of Metadata-Driven Automation

erwin

Organizations cannot hope to make the most out of a data-driven strategy without at least some degree of metadata-driven automation. The volume and variety of data has snowballed, and so has its velocity.

GDPR: more popular than Beyoncé or Kim Kardashian

IT Governance

Fame is a fickle mistress. One minute your popularity seems insurmountable, you’re riding the crest of public opinion, you can gain the world’s attention with the slightest of efforts and everyone seems interested in your every utterance.

Ursnif: Long Live the Steganography and AtomBombing!

Security Affairs

Yoroi ZLab – Cybaze uncovered a new wave of Ursnif attacks using a variant that implements an exotic process injection technique called AtomBombing. Another wave of Ursnif attacks hits Italy. Ursnif is one of the most active banking trojans.

Report: Nation-State Malware Attack Could Cripple US

Data Breach Today

Government, Industry Need to Work More Closely on Response Plans

Without improved coordination, the U.S.

Boards Now Face ‘the Encryption Question’

Thales eSecurity

Tina Stewart, VP of Market Strategy. “So, what are we doing about encryption?” That’s a question you can expect to be tossed around in plenty of boardrooms in the coming months.

Up to 4,000 affected by Mumsnet data breach

IT Governance

Mumsnet has disclosed a data breach that occurred during a software update between 5-7 February. A technical error meant that users who logged on simultaneously were directed to someone else’s account.

Security expert Marco Ramilli released for free the Malware Hunter tool

Security Affairs

Malware researcher Marco Ramilli released for free the Malware Hunter tool, a simple but interesting catching tool based on static YARA rules.

Memo: Nation-State Malware Attack Could Cripple US

Data Breach Today

Government, Industry Need to Work More Closely on Response Plans

Without improved coordination, the U.S. government and private companies could be caught flat-footed if malware or a worm hit a software supply chain.

A third of companies are largely unprepared for cybersecurity attacks: eSecurity Planet Survey

eSecurity Planet

A third of companies are unprepared for some of the most damaging cyber attacks, such as APTs, insider threats, ransomware and DDoS attacks

Alaris to Showcase Information Capture Solutions for Healthcare at HIMSS19

Document Imaging Report

ROCHESTER, N.Y., February 7, 2019 – Alaris, a Kodak Alaris business, will showcase its award-winning solutions for automating document-based business processes at HIMSS19.

Metro Bank is the first bank that disclosed SS7 attacks against its customers

Security Affairs

Metro Bank has become the first major bank to disclose SS7 attacks against its customers, but experts believe it isn’t an isolated case.