Sat.Apr 06, 2019 - Fri.Apr 12, 2019

Dark Patterns: How Weaponized Usability Hurts Users

Data Breach Today


87% of organisations have an insufficient cyber security budget

IT Governance

Although organisations are devoting more resources to cyber security in order to tackle the growing threat of data breaches, 87% say they don’t have the budget to meet their needs, a new report has found.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Q&A: How cutting out buzzwords could actually ease implementation of powerful security tools

The Last Watchdog

The central dilemma posed by digital transformation is this: How do companies reap the benefits of high-velocity software development without creating onerous security exposures? Related: Golden Age of cyber spying dawns. The best practices standards and protocols to pull off this delicate balancing act have been thoroughly vetted and are readily available. And there’s certainly no shortage of sophisticated technology solutions. So what’s missing?

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

Attackers Shift to Malware-Based Cryptominers

Data Breach Today

Cryptocurrency Market Slide Makes In-Browser Mining Less Appealing Browser-based cryptocurrency miners are falling out of favor as virtual currency prices remain low, IBM says. But the company says malware-based miners are coming back, including fileless ones that rely on Powershell.

Mining 272

More Trending

MY TAKE: What ‘fake news’ really is: digital disinformation intended to disrupt, manipulate

The Last Watchdog

President Trump’s constant mislabeling of mainstream news reports he doesn’t appreciate as “fake news” has done much to muddle the accurate definition of this profound global force – and obscure the societal damage this rising phenomenon is precipitating. Related: The scourge of ‘malvertising’ Fake news is the willful spreading of disinformation. Yes, much of political propaganda, as practiced down through the ages, fits that definition.

A Year Later, Cybercrime Groups Still Rampant on Facebook

Krebs on Security

Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft.

US CERT Warns of N. Korean 'Hoplight' Trojan

Data Breach Today

Hidden Cobra, Also Known as Lazarus, Appears to Be Behind the Malware U.S. CERT has issued a fresh warning about a newly discovered Trojan called Hoplight that is connected to a notorious APT group with links to North Korea.

IT 254

Maliciously Tampering with Medical Imagery

Schneier on Security

In what I am sure is only a first in many similar demonstrations, researchers are able to add or remove cancer signs from CT scans. The results easily fool radiologists. I don't think the medical device industry has thought at all about data integrity and authentication issues.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

MY TAKE: Account hijackers follow small banks, credit unions over to mobile banking apps

The Last Watchdog

As long as cyber attacks continue, financial institutions will remain a prime target, for obvious reasons. Related: OneSpan’s rebranding launch. Outside of giants JP Morgan, Bank of America, Citigroup, Wells Fargo and U.S. Bancorp, the remainder of the more than 10,000 U.S. firms are comprised of community banks and regional credit unions. These smaller institutions, much like the giants, are hustling to expand mobile banking services.

Patch Tuesday Lowdown, April 2019 Edition

Krebs on Security

Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs.

MD Anderson Cancer Center Appeals $4.3 Million HIPAA Fine

Data Breach Today

Organization List Reasons Why It Believes Breach-Related Penalty Was Not Justified The University of Texas MD Anderson Cancer Center has filed a lawsuit arguing that a $4.3

New 'HOPLIGHT' Malware Appears in Latest North Korean Attacks, Say DHS, FBI

Dark Reading

The FBI and Department of Homeland Security release malware analysis report, indicators of compromise for nine different executable files

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

WPA3 attacks allow hackers to hack Wi-Fi password

Security Affairs

Security researchers discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

How the Anonymous Artist Bansky Authenticates His or Her Work

Schneier on Security

Interesting scheme : It all starts off with a fairly bog standard gallery style certificate. Details of the work, the authenticating agency, a bit of embossing and a large impressive signature at the bottom.

Congressional Report Rips Equifax for Weak Security

Data Breach Today

Senate Panel Says Company Lacked Strong Security Culture Before Massive Data Breach The lack of a strong security culture at Equifax - especially compared its two main competitors - was a key factor contributing to its 2017 data breach that exposed the personal records of 145 million Americans, according to a 71-page Congressional report.

NEW TECH: ‘Network Traffic Analysis’ gets to ground truth about data moving inside the perimeter

The Last Watchdog

Digital transformation is all about high-velocity innovation. But velocity cuts two ways. Related: Obsolescence creeps into perimeter defenses. Yes, the rapid integration of digital technologies into all aspects of commerce has enabled wonderful new services. But it has also translated into an exponential expansion of the attack surface available to cyber criminals.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Emsisoft released a free decryptor for CryptoPokemon ransomware

Security Affairs

Good news for the victims of the CryptoPokemon ransomware , security experts at Emsisoft just released a free decrypter tool. Victims of the CryptoPokemon ransomware have a good reason to smile, security experts at Emsisoft have released a free decrypter tool.

Malware Infected Medical Equipment Shows Fake Tumors

Adam Levin

Israeli cybersecurity researchers have created malware capable of showing fake cancerous growths on CT and MRI scans.

U.K. Man Gets Six-Year Sentence for Global Ransomware Scheme

Data Breach Today

Authorities Say He Spent Ransom Proceeds on Luxury Goods, Gambling A 24-year-old man living in England has been sentenced to more than six years in prison for his role in a ransomware scheme that targeted millions of computers across 20 countries, the U.K.'s s National Crime Agency announced Tuesda

TajMahal Spyware

Schneier on Security

Kaspersky has released details about a sophisticated nation-state spyware it calls TajMahal: The TajMahal framework's 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks.

IT 111

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

APT28 and Upcoming Elections: evidence of possible interference

Security Affairs

In mid-March , a suspicious Office document referencing the Ukraine elections appeared in the wild, is it related to APT28 and upcoming elections? Introduction. In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild.

In Security, All Logs Are Not Created Equal

Dark Reading

Prioritizing key log sources goes a long way toward effective incident response

Yahoo Takes Second Swing at Data Breach Settlement

Data Breach Today

Million Settlement Would Be Largest Ever for a Data Breach, Plaintiffs Say Yahoo is hoping a revamped proposed breach-related settlement will pass muster with a federal judge who rejected the first one for myriad reasons, including high attorney fees and a lack of transparency.

New Version of Flame Malware Discovered

Schneier on Security

Flame was discovered in 2012, linked to Stuxnet, and believed to be American in origin. It has recently been linked to more modern malware through new analysis tools that find linkages between different software. Seems that Flame did not disappear after it was discovered, as was previously thought.

IT 107

Victims of Planetary Ransomware can decrypt their files for free

Security Affairs

Researchers at Emsisoft developed a decryptor for the Planetary Ransomware family that could allow victims to decrypt their files for free. Good news for the victims of the Planetary Ransomware, security firm Emsisoft has released a decryptor that allows victims to decrypt their files for free.