Sat.Apr 06, 2019 - Fri.Apr 12, 2019

Dark Patterns: How Weaponized Usability Hurts Users

Data Breach Today

Fresh Legislation Targets Deceptive, Privacy-Shredding Interface Design
Dark patterns are out to get you. The term describes the practice of abusing usability norms to create user interfaces that trick users into divulging their personal details or sacrificing their privacy.

87% of organisations have an insufficient cyber security budget

IT Governance

Although organisations are devoting more resources to cyber security in order to tackle the growing threat of data breaches, 87% say they don’t have the budget to meet their needs, a new report has found.

Q&A: How cutting out buzzwords could actually ease implementation of powerful security tools

The Last Watchdog

The central dilemma posed by digital transformation is this: How do companies reap the benefits of high-velocity software development without creating onerous security exposures? The best practices standards and protocols to pull off this delicate balancing act have been thoroughly vetted and are readily available. And there’s certainly no shortage of sophisticated technology solutions. So what’s missing?

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0

Attackers Shift to Malware-Based Cryptominers

Data Breach Today

Cryptocurrency Market Slide Makes In-Browser Mining Less Appealing
Browser-based cryptocurrency miners are falling out of favor as virtual currency prices remain low, IBM says. But the company says malware-based miners are coming back, including fileless ones that rely on PowerShell.

MY TAKE: What ‘fake news’ really is: digital disinformation intended to disrupt, manipulate

The Last Watchdog

President Trump’s constant mislabeling of mainstream news reports he doesn’t appreciate as “fake news” has done much to muddle the accurate definition of this profound global force – and obscure the societal damage this rising phenomenon is precipitating. Fake news is the willful spreading of disinformation. Yes, much of political propaganda, as practiced down through the ages, fits that definition.

A Year Later, Cybercrime Groups Still Rampant on Facebook

Krebs on Security

Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft.

US CERT Warns of N. Korean 'Hoplight' Trojan

Data Breach Today

Hidden Cobra, Also Known as Lazarus, Appears to Be Behind the Malware
U.S. CERT has issued a fresh warning about a newly discovered Trojan called Hoplight that is connected to a notorious APT group with links to North Korea.

Malware Infected Medical Equipment Shows Fake Tumors

Adam Levin

Israeli cybersecurity researchers have created malware capable of showing fake cancerous growths on CT and MRI scans.

MY TAKE: Account hijackers follow small banks, credit unions over to mobile banking apps

The Last Watchdog

As long as cyber attacks continue, financial institutions will remain a prime target, for obvious reasons. Outside of giants JP Morgan, Bank of America, Citigroup, Wells Fargo and U.S. Bancorp, the remainder of the more than 10,000 U.S. firms are comprised of community banks and regional credit unions. These smaller institutions, much like the giants, are hustling to expand mobile banking services.

Patch Tuesday Lowdown, April 2019 Edition

Krebs on Security

Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs.

MD Anderson Cancer Center Appeals $4.3 Million HIPAA Fine

Data Breach Today

Organization Lists Reasons Why It Believes Breach-Related Penalty Was Not Justified
The University of Texas MD Anderson Cancer Center has filed a lawsuit arguing that a $4.3

WPA3 attacks allow hackers to hack Wi-Fi password

Security Affairs

Security researchers discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

NEW TECH: ‘Network Traffic Analysis’ gets to ground truth about data moving inside the perimeter

The Last Watchdog

Digital transformation is all about high-velocity innovation. But velocity cuts two ways. Yes, the rapid integration of digital technologies into all aspects of commerce has enabled wonderful new services. But it has also translated into an exponential expansion of the attack surface available to cyber criminals.

How the Anonymous Artist Banksy Authenticates His or Her Work

Schneier on Security

Interesting scheme: It all starts off with a fairly bog standard gallery style certificate. Details of the work, the authenticating agency, a bit of embossing and a large impressive signature at the bottom.

Congressional Report Rips Equifax for Weak Security

Data Breach Today

APT28 and Upcoming Elections: evidence of possible interference

Security Affairs

In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild. Is it related to APT28 and the upcoming elections?

NEW TECH: Critical Start delivers managed security services with ‘radical transparency’

The Last Watchdog

It was in 2012 that CRITICAL START burst onto the Managed Security Service Provider (MSSP) scene with bold intentions. The Plano, TX-based company sought to elevate the “MSSP” space high above the accepted standard at the time. It set out to do this by delivering security services based on Zero-Trust and that also provided radical transparency to its customers. CRITICAL START has since grown to 105 employees, serving hundreds of customers.

Maliciously Tampering with Medical Imagery

Schneier on Security

In what I am sure is only a first in many similar demonstrations, researchers are able to add or remove cancer signs from CT scans. The results easily fool radiologists. I don't think the medical device industry has thought at all about data integrity and authentication issues.

U.K. Man Gets Six-Year Sentence for Global Ransomware Scheme

Data Breach Today

Authorities Say He Spent Ransom Proceeds on Luxury Goods, Gambling
A 24-year-old man living in England has been sentenced to more than six years in prison for his role in a ransomware scheme that targeted millions of computers across 20 countries, the U.K.'s National Crime Agency announced Tuesda

Experts spotted a new Mirai variant that targets new processors

Security Affairs

Palo Alto Networks researchers discovered a new variant of the Mirai malware that is targeting more processor architectures than previous ones.

GDPR: How the definition of personal data has changed

IT Governance

This blog has been updated to reflect industry updates. Originally published June 2017. On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998.

Offering Customers Trusted Digital Security

Thales eSecurity

Last week, we welcomed Gemalto as an official part of the Thales Group, marking the start of a bold new chapter in our company’s history.

Yahoo Takes Second Swing at Data Breach Settlement

Data Breach Today

Million Settlement Would Be Largest Ever for a Data Breach, Plaintiffs Say
Yahoo is hoping a revamped proposed breach-related settlement will pass muster with a federal judge who rejected the first one for myriad reasons, including high attorney fees and a lack of transparency.

Emsisoft released a free decryptor for CryptoPokemon ransomware

Security Affairs

Good news for the victims of the CryptoPokemon ransomware: security experts at Emsisoft just released a free decrypter tool.

Keeping Up with New Data Protection Regulations

erwin

Keeping up with new data protection regulations can be difficult, and the latest – the General Data Protection Regulation (GDPR) – isn’t the only new data protection regulation organizations should be aware of.

TajMahal Spyware

Schneier on Security

Kaspersky has released details about a sophisticated nation-state spyware it calls TajMahal: The TajMahal framework's 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks.

Report: FIN6 Shifts From Payment Card Theft to Ransomware

Data Breach Today

Victims of Planetary Ransomware can decrypt their files for free

Security Affairs

Researchers at Emsisoft developed a decryptor for the Planetary Ransomware family that could allow victims to decrypt their files for free. Good news for the victims of the Planetary Ransomware, security firm Emsisoft has released a decryptor that allows victims to decrypt their files for free.

Report Shows Major Security Holes in Banking Apps

Adam Levin

A security analysis of 30 major banking and financial apps has shown major security holes and a lax approach to protecting user data.

What kinds of critical business problems are users trying to solve with Content Services?

AIIM

This is part 2 of a four-part series based on our new State of the Industry – Content Services market research study. Part 1 -- What exactly is the link between IIM and Digital Transformation?