Sat.Apr 20, 2019 - Fri.Apr 26, 2019

MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks

The Last Watchdog

Accounting for third-party risks is now mandated by regulations — with teeth. Just take a look at Europe’s GDPR, NYDFS’s cybersecurity requirements or even California’s newly minted Consumer Privacy Act.

The strengths and weaknesses of different VPN protocols

Security Affairs

One in four internet users use a VPN regularly, but how much does the average user know about what goes on behind the software? Pulling back the curtain, a VPN runs on various VPN protocols that govern the way a VPN client communicates with a VPN server.

Towards an Information Operations Kill Chain

Schneier on Security

Cyberattacks don't magically happen; they involve a series of steps. And far from being helpless, defenders can disrupt the attack at any of those steps.

Facebook Marketplace Flaw Revealed Seller's Exact Location

Data Breach Today

Privacy Peril: Thieves Use Location Data to 'Shop' for High-Value Items

Facebook has fixed a security vulnerability in its digital marketplace that could have been abused to identify the precise location of a seller, and by extension, their goods.

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.

EU To Build Massive Biometric Database

Adam Levin

The European Union’s parliament voted to create a biometric database of over 350 million people.

WannaCry Stopper Pleads Guilty to Writing Banking Malware

Data Breach Today

Marcus Hutchins, aka MalwareTech, Says He Regrets Coding, Distributing 'Kronos'

Marcus Hutchins, the British security researcher who helped stop the massive WannaCry ransomware outbreak in mid-2017, has pleaded guilty to developing and distributing "Kronos" banking malware when he was younger.

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

Excellent Analysis of the Boeing 737 MAX Software Problems

Schneier on Security

This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker.

Hacker broke into super secure French Government’s Messaging App Tchap hours after release

Security Affairs

A white hat hacker discovered how to break Tchap, a new secure messaging app launched by the French government for officials and politicians.

Regulator to Facebook: Move Fast But Stop Breaking Things

Data Breach Today

FTC Reportedly Eyes Holding Mark Zuckerberg Personally Accountable for Privacy

"Move fast and break things," Facebook CEO Mark Zuckerberg once said of his company's internal motto.

NEW TECH: Alcide introduces a “microservices firewall” as a dynamic ‘IaaS’ market takes shape

The Last Watchdog

As a tech reporter at USA TODAY, I wrote stories about how Google fractured Microsoft’s Office monopoly, and then how Google clawed ahead of Apple to dominate the global smartphone market. And now for Act 3, Google has thrown down the gauntlet at Amazon, challenging the dominant position of Amazon Web Services in the fast-emerging cloud infrastructure global market.

G7 Comes Out in Favor of Encryption Backdoors

Schneier on Security

jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Security Affairs

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype.

Facebook Takes $3 Billion Hit, Anticipating FTC Fine

Data Breach Today

Questions Loom About Whether Big Fines Will Prompt Privacy Reform

Facebook has set aside $3 billion from its first quarter profit to pay for what is likely to be a record-breaking fine from the U.S. Federal Trade Commission.

NEW TECH: Circadence deploys ‘gamification’ training to shrink cybersecurity skills gap

The Last Watchdog

It’s clear that closing the cybersecurity skills gap has to happen in order to make our internet-centric world as private and secure as it ought to be. One of the top innovators in the training space is Circadence®. The Boulder, CO-based company got its start in the mid-1990s as a pioneer of massive multi-player video games.

Achieving digital transformation in the insurance industry

OpenText Information Management

Research has consistently shown that senior management within the insurance sector think digital transformation is critical to their business.

Zero-day vulnerability in Oracle WebLogic

Security Affairs

Security experts are warning of a dangerous zero-day remote code vulnerability that affects the Oracle WebLogic service platform. Oracle WebLogic wls9_async and wls-wsat components are affected by a deserialization remote command execution zero-day vulnerability.

Trojanized TeamViewer Attacks Reveal Mutating Malware

Data Breach Today

Attackers' Small Malicious Code Tweaks Keep Faking Out Defenders, Researchers Warn

Check Point Research has spotlighted attacks against several embassies that show how subtle changes in source code can alter how security professionals can detect and stop different types of malware.

Many firms fear impact of data security measures on business operations

Information Management Resources

Many technology executives around the world have held back from implementing critical measures that keep their organizations resilient against disruption and cyber threats.

UK-based organisations are getting better at preventing ransomware

IT Governance

The UK is one of the few countries that has seen a year-on-year reduction in ransomware attacks, a new study has found. According to the 2019 SonicWall Cyber Threat Report, ransomware infections in the UK decreased by 59% in the past year, a stark contrast to the 11% increase globally.

Crooks abuse GitHub platform to host phishing kits

Security Affairs

Experts at Proofpoint discovered that free code repositories on GitHub have been abused since at least 2017 to host phishing websites. Researchers at Proofpoint reported that crooks are abusing free code repositories on GitHub to host phishing websites and bypass security defenses.

TA505 Group Hides Malware in Legitimate Certificates

Data Breach Today

APT Group Targets Banks With Backdoor Malware to Penetrate Networks

TA505, a sophisticated advanced persistent threat group, is now using legitimately signed certificates to disguise malware that can penetrate banking networks, security researchers warn in a new report.

U.K. cybersecurity agency won't tip regulator on breaches

Information Management Resources

The decision is designed to prevent new data privacy laws from having a chilling effect on businesses’ willingness to share information about cyber attacks with the government.

GDPR fines are coming and here’s why

IT Governance

Stop us if you’ve heard this one before: organisations that fail to meet the requirements of the GDPR (General Data Protection Regulation) face fines of up to €20 million (about £17.3 million) or 4% of their annual global turnover.


Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

Experts discovered security flaws in the iLnkP2P peer-to-peer (P2P) system that exposes millions of IoT devices to remote attacks. Security expert Paul Marrapese discovered two serious vulnerabilities in the iLnkP2P P2P system that is developed by Chinese firm Shenzhen Yunni Technology Company, Inc.

Intelligence Agencies Seek Fast Cyber Threat Dissemination

Data Breach Today

Top 50 organizations for data analytics to be honored

Information Management Resources

Fifty organizations that excel at data analytics will be honored for their efforts on May 2, at the Drexel LeBow Analytics 50 Awards Ceremony.

Why OpenText is your secret weapon in OEM product development

OpenText Information Management

Every organization deals with a myriad of types of information. And in all organizations, this information is ever-growing at every stage in its lifecycle – from generation to retirement.

Google is going to block logins from embedded browsers against MitM phishing attacks

Security Affairs

Google this week announced that it is going to block login attempts from embedded browser frameworks to prevent man-in-the-middle (MiTM) phishing attacks.

Canada Says Facebook Violated Privacy Laws

Data Breach Today

Privacy Commissioner Will Go to Court to Enforce Recommendations

Canada's privacy commissioner says Facebook violated its privacy laws by failing to protect users' personal data.