Sat.Apr 06, 2019 - Fri.Apr 12, 2019

Dark Patterns: How Weaponized Usability Hurts Users

Data Breach Today

Fresh Legislation Targets Deceptive, Privacy-Shredding Interface Design. Dark patterns are out to get you. The term describes the practice of abusing usability norms to create user interfaces that trick users into divulging their personal details or sacrificing their privacy.

87% of organisations have an insufficient cyber security budget

IT Governance

Although organisations are devoting more resources to cyber security in order to tackle the growing threat of data breaches, 87% say they don’t have the budget to meet their needs, a new report has found.

Q&A: How cutting out buzzwords could actually ease implementation of powerful security tools

The Last Watchdog

The central dilemma posed by digital transformation is this: How do companies reap the benefits of high-velocity software development without creating onerous security exposures? The best practices standards and protocols to pull off this delicate balancing act have been thoroughly vetted and are readily available. And there’s certainly no shortage of sophisticated technology solutions. So what’s missing?

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0

Attackers Shift to Malware-Based Cryptominers

Data Breach Today

Cryptocurrency Market Slide Makes In-Browser Mining Less Appealing. Browser-based cryptocurrency miners are falling out of favor as virtual currency prices remain low, IBM says. But the company says malware-based miners are coming back, including fileless ones that rely on PowerShell.

Hey Secret Service: Don't Plug Suspect USB Sticks into Random Computers

Schneier on Security

I just noticed this bit from the incredibly weird story of the Chinese woman arrested at Mar-a-Lago: Secret Service agent Samuel Ivanovich, who interviewed Zhang on the day of her arrest, testified at the hearing.

A Year Later, Cybercrime Groups Still Rampant on Facebook

Krebs on Security

Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft.

US CERT Warns of N. Korean 'Hoplight' Trojan

Data Breach Today

Hidden Cobra, Also Known as Lazarus, Appears to Be Behind the Malware. U.S. CERT has issued a fresh warning about a newly discovered Trojan called Hoplight that is connected to a notorious APT group with links to North Korea.

Malware Infected Medical Equipment Shows Fake Tumors

Adam Levin

Israeli cybersecurity researchers have created malware capable of showing fake cancerous growths on CT and MRI scans.

APT28 and Upcoming Elections: evidence of possible interference

Security Affairs

In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild. Is it related to APT28 and upcoming elections?

Patch Tuesday Lowdown, April 2019 Edition

Krebs on Security

Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs.

MD Anderson Cancer Center Appeals $4.3 Million HIPAA Fine

Data Breach Today

Organization Lists Reasons Why It Believes Breach-Related Penalty Was Not Justified. The University of Texas MD Anderson Cancer Center has filed a lawsuit arguing that a $4.3

Offering Customers Trusted Digital Security

Thales eSecurity

Last week, we welcomed Gemalto as an official part of the Thales Group, marking the start of a bold new chapter in our company’s history.

Experts spotted a new Mirai variant that targets new processors

Security Affairs

Palo Alto Networks researchers discovered a new variant of the Mirai malware that is targeting more processor architectures than previous ones.

MY TAKE: What ‘fake news’ really is: digital disinformation intended to disrupt, manipulate

The Last Watchdog

President Trump’s constant mislabeling of mainstream news reports he doesn’t appreciate as “fake news” has done much to muddle the accurate definition of this profound global force – and obscure the societal damage this rising phenomenon is precipitating. Fake news is the willful spreading of disinformation. Yes, much of political propaganda, as practiced down through the ages, fits that definition.

Congressional Report Rips Equifax for Weak Security

Data Breach Today

How the Anonymous Artist Bansky Authenticates His or Her Work

Schneier on Security

Interesting scheme: It all starts off with a fairly bog standard gallery style certificate. Details of the work, the authenticating agency, a bit of embossing and a large impressive signature at the bottom.

Emsisoft released a free decryptor for CryptoPokemon ransomware

Security Affairs

Good news for the victims of the CryptoPokemon ransomware: security experts at Emsisoft just released a free decrypter tool. Victims of the CryptoPokemon ransomware have a good reason to smile: security experts at Emsisoft have released a free decrypter tool.

MY TAKE: Account hijackers follow small banks, credit unions over to mobile banking apps

The Last Watchdog

As long as cyber attacks continue, financial institutions will remain a prime target, for obvious reasons. Outside of giants JP Morgan, Bank of America, Citigroup, Wells Fargo and U.S. Bancorp, the remainder of the more than 10,000 U.S. firms are comprised of community banks and regional credit unions. These smaller institutions, much like the giants, are hustling to expand mobile banking services.

U.K. Man Gets Six-Year Sentence for Global Ransomware Scheme

Data Breach Today

Authorities Say He Spent Ransom Proceeds on Luxury Goods, Gambling. A 24-year-old man living in England has been sentenced to more than six years in prison for his role in a ransomware scheme that targeted millions of computers across 20 countries, the U.K.'s National Crime Agency announced Tuesda

Maliciously Tampering with Medical Imagery

Schneier on Security

In what I am sure is only a first in many similar demonstrations, researchers are able to add or remove cancer signs from CT scans. The results easily fool radiologists. I don't think the medical device industry has thought at all about data integrity and authentication issues.

Zero-day in popular Yuzo Related Posts WordPress Plugin exploited in the wild

Security Affairs

According to experts, a vulnerability in the popular WordPress plugin Yuzo Related Posts is exploited by attackers to redirect users to malicious sites.

GDPR: How the definition of personal data has changed

IT Governance

This blog has been updated to reflect industry updates. Originally published June 2017. On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998.

Yahoo Takes Second Swing at Data Breach Settlement

Data Breach Today

Million Settlement Would Be Largest Ever for a Data Breach, Plaintiffs Say. Yahoo is hoping a revamped proposed breach-related settlement will pass muster with a federal judge who rejected the first one for myriad reasons, including high attorney fees and a lack of transparency.

Breaking Down the Julian Assange Hacking Case

WIRED Threat Level

WikiLeaks founder Julian Assange has been arrested, and now faces extradition to the United States. But not for leaking classified information.

Victims of Planetary Ransomware can decrypt their files for free

Security Affairs

Researchers at Emsisoft developed a decryptor for the Planetary Ransomware family that could allow victims to decrypt their files for free. Good news for the victims of the Planetary Ransomware, security firm Emsisoft has released a decryptor that allows victims to decrypt their files for free.

What kinds of critical business problems are users trying to solve with Content Services?

AIIM

This is part 2 of a four-part series based on our new State of the Industry – Content Services market research study. Part 1 -- What exactly is the link between IIM and Digital Transformation?

Report: FIN6 Shifts From Payment Card Theft to Ransomware

Data Breach Today

Mysterious Hackers Hid Their Swiss Army Spyware for 5 Years

WIRED Threat Level

The TajMahal spyware includes more than 80 distinct spy tools, and went undetected for five years.

Siemens addressed several DoS flaws in many products

Security Affairs

Siemens Patch Tuesday updates for April 2019 address several serious vulnerabilities, including some DoS flaws in many industrial products. Siemens has released Patch Tuesday updates that address several serious flaws including some DoS vulnerabilities.

NEW TECH: ‘Network Traffic Analysis’ gets to ground truth about data moving inside the perimeter

The Last Watchdog

Digital transformation is all about high-velocity innovation. But velocity cuts two ways. Yes, the rapid integration of digital technologies into all aspects of commerce has enabled wonderful new services. But it has also translated into an exponential expansion of the attack surface available to cyber criminals.

Trump Shakeup Impacts Cybersecurity Policy

Data Breach Today

Heads of DHS, Secret Service Depart Amidst Leadership Shuffle. The exits of the Department of Homeland Security secretary and Secret Service director are prompting discussion about the continuity of U.S.

Report Shows Major Security Holes in Banking Apps

Adam Levin

A security analysis of 30 major banking and financial apps has shown major security holes and a lax approach to protecting user data.

Yoroi Welcomes “Yomi: The Malware Hunter”

Security Affairs