Sat.Apr 20, 2019 - Fri.Apr 26, 2019

MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks

The Last Watchdog

Accounting for third-party risks is now mandated by regulations — with teeth. Related: Free ‘VRMM’ tool measures third-party exposure Just take a look at Europe’s GDPR , NYDFS’s cybersecurity requirement s or even California’s newly minted Consumer Privacy Act.

Risk 173

The strengths and weaknesses of different VPN protocols

Security Affairs

One in four internet users use a VPN regularly, but how much does the average user know about what goes on behind the software? Pulling back the curtain, a VPN runs on various VPN protocols that govern the way a VPN client communicates with a VPN server.

Towards an Information Operations Kill Chain

Schneier on Security

Cyberattacks don't magically happen; they involve a series of steps. And far from being helpless, defenders can disrupt the attack at any of those steps.

Facebook Marketplace Flaw Revealed Seller's Exact Location

Data Breach Today

Privacy Peril: Thieves Use Location Data to 'Shop' for High-Value Items Facebook has fixed a security vulnerability in its digital marketplace that could have been abused to identify the precise location of a seller, and by extension, their goods.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.

IoT 256

More Trending

G7 Comes Out in Favor of Encryption Backdoors

Schneier on Security

WannaCry Stopper Pleads Guilty to Writing Banking Malware

Data Breach Today

Marcus Hutchins, aka MalwareTech, Says He Regrets Coding, Distributing 'Kronos' Marcus Hutchins, the British security researcher who helped stop the massive WannaCry ransomware outbreak in mid-2017, has pleaded guilty to developing and distributing "Kronos" banking malware when he was younger

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

Sales 196

NEW TECH: Circadence deploys ‘gamification’ training to shrink cybersecurity skills gap

The Last Watchdog

It’s clear that closing the cybersecurity skills gap has to happen in order to make our internet-centric world as private and secure as it ought to be. Related: The need for diversity in cybersecurity personnel One of the top innovators in the training space is Circadence ®. The Boulder, CO-based company got its start in the mid-1990s as a pioneer of massive multi-player video games.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Excellent Analysis of the Boeing 737 MAX Software Problems

Schneier on Security

This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker.

Regulator to Facebook: Move Fast But Stop Breaking Things

Data Breach Today

FTC Reportedly Eyes Holding Mark Zuckberberg Personally Accountable for Privacy "Move fast and break things," Facebook CEO Mark Zuckerberg once said of his company's internal motto.

60 Million records of LinkedIn users exposed online

Security Affairs

Researcher discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Researcher Sanyam Jain at GDI foundation discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data.

EU To Build Massive Biometric Database

Adam Levin

The European Union’s parliament voted to create a biometric database of over 350 million people.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Achieving digital transformation in the insurance industry

OpenText Information Management

Research has consistently shown that senior management within the insurance sector think digital transformation is critical to their business.

Trojanized TeamViewer Attacks Reveal Mutating Malware

Data Breach Today

Attackers' Small Malicious Code Tweaks Keep Faking Out Defenders, Researchers Warn Check Point Research has spotlighted attacks against several embassies that show how subtle changes in source code can alter how security professionals can detect and stop different types of malware

jQuery JavaScript library flaw opens the doors for attacks on hundreds of millions of websites

Security Affairs

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype.

UK-based organisations are getting better at preventing ransomware

IT Governance

The UK is one of the few countries that has seen a year-on-year reduction in ransomware attacks, a new study has found. According to the 2019 SonicWall Cyber Threat Report , ransomware infections in the UK decreased by 59% in the past year, a stark contrast to the 11% increase globally.

Fooling Automated Surveillance Cameras with Patchwork Color Printout

Schneier on Security

Nice bit of adversarial machine learning. The image from this news article is most of what you need to know, but here's the research paper. academicpapers biometrics cybersecurity machinelearning

Paper 89

TA505 Group Hides Malware in Legitimate Certificates

Data Breach Today

APT Group Targets Banks With Backdoor Malware to Penetrate Networks TA505, a sophisticated advanced persistent threat group, is now using legitimately signed certificates to disguise malware that can penetrate banking networks, security researchers warn in a new report

Groups 239

Hacker broke into super secure French Government’s Messaging App Tchap hours after release

Security Affairs

A white hat hacker discovered how to break Tchap, a new secure messaging app launched by the French government for officials and politicians.

Weekly Update 136

Troy Hunt

Scott is still here with me on the Gold Coast lapping up the sunshine before NDC Security next week so I thought we'd do this week's video next to the palm trees and jet ski ??

GDPR fines are coming and here’s why

IT Governance

Stop us if you’ve heard this one before: organisations that fail to meet the requirements of the GDPR (General Data Protection Regulation) face fines of up to €20 million (about £17.3 million) or 4% of their annual global turnover.

GDPR 88

Facebook Takes $3 Billion Hit, Anticipating FTC Fine

Data Breach Today

Questions Loom About Whether Big Fines Will Prompt Privacy Reform Facebook has set aside $3 billion from its first quarter profit to pay for what is likely to be a record-breaking fine from the U.S. Federal Trade Commission.

Zero-day vulnerability in Oracle WebLogic

Security Affairs

Security experts are warning of a dangerous zero-day remote code vulnerability that affects the Oracle WebLogic service platform. Oracle WebLogic wls9_async and wls-wsat components are affected by a deserialization remote command execution zero-day vulnerability.

Access 107

A 'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions

WIRED Threat Level

The larger lesson of an ongoing Ethereum crime spree: Be careful with who's generating your cryptocurrency keys. Security Security / Cyberattacks and Hacks

Why OpenText is your secret weapon in OEM product development

OpenText Information Management

Every organization deals with a myriad of types of information. And in all organizations, this information is ever-growing at every stage in its lifecycle – from generation to retirement.

B2B 84

Intelligence Agencies Seek Fast Cyber Threat Dissemination

Data Breach Today

Crooks abuse GitHub platform to host phishing kits

Security Affairs

Experts at Proofpoint discovered that free code repositories on GitHub have been abused since at least 2017 to host phishing websites. Researchers at Proofpoint reported that crooks are abusing free code repositories on GitHub to host phishing websites and bypass security defenses.

The SIM Swap Fix That the US Isn't Using

WIRED Threat Level

While foreign phone carriers are sharing data to stop SIM swap fraud, US carriers are dragging feet. Security Security / Cyberattacks and Hacks

Data 85

Enterprise Architecture and Business Process: Common Goals Require Common Tools

erwin

For decades now, the professional world has put a great deal of energy into discussing the gulf that exists between business and IT teams within organizations. They speak different languages, it’s been said, and work toward different goals.

Tools 83

Canada Says Facebook Violated Privacy Laws

Data Breach Today

Privacy Commissioner Will Go to Court to Enforce Recommendations Canada's privacy commissioner says Facebook violated its privacy laws by failing to protect users' personal data.