INDUSTRY INSIGHTS YOUR PEERS ARE READING
By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning MORE
Trojan horse-based malware attacks and spyware rose sharply in 2018 as ransomware-based attacks declined, according to a new report published by Malwarebytes. MORE
IDG’s 2018 Cloud Computing Study tells us: Seventy-three percent of organizations have at least one application, or a portion of their computing infrastructure already in the cloud – 17% plan to do so within the next 12 months. MORE
One profound consequence of Donald Trump’s shutdown of the federal government, now in day 33, is what a boon it is to US cyber adversaries. And moving forward, the long run ramifications are likely to be dire, indeed. Related: Welcome to the ‘golden age’ of cyber espionage. MORE
David Carroll has been locked in a legal war to force the infamous company to turn over its files on him. He’s won a battle, but the struggle continues. Backchannel Security MORE
Funding Holdups for Subpoenas and Confidential Sources are Interrupting Probes FBI agents say the government shutdown is impeding their investigations, including cybersecurity probes, with the lack of funding compromising their ability to pay confidential informants, and obtain warrants or subpoena MORE
This is an edited version of a series of talks I first gave in New York over the past week, outlining my work at Columbia. Many thanks to Reinvent, Pete Leyden, Cap Gemini, Columbia University, Cossette/Vision7, and the New York Times for hosting and helping me. Prelude. MORE
Now with one username and password, organizations have the ability to provide users with a simple, unified authentication and account synchronization process — while still offering the best possible Apple experience. Read the full details MORE
Nest recommended the owners of its security cameras to use enhanced authentication to avoid being hacked as happened with a family living in the US. Over the weekend, a family living in California was terrified with a hoax nuclear missile attack. . MORE
Security expert Robert Baptiste ( aka Elliot Alderson ) discovered a vulnerability ( CVE-2019-6447 ) in the ES File Explorer that potentially expose hundreds of million Android installs. MORE
The security expert Dirk- jan Mollema with Fox-IT discovered a privilege escalation vulnerability in Microsoft Exchange that could be exploited by a user with a mailbox to become a Domain Admin. The experts described the attack scenario in a blog post and published a proof-of-concept code. MORE
An ISMS (information security management system) is a centrally managed framework for keeping an organisation’s information secure. It contains a set of policies, procedures and controls for protecting the confidentiality, integrity and availability of information. MORE
This is clever : Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks. MORE
It takes a master demagogue to weaponize unstable individuals and aim them at political enemies. Security MORE
Expert discovered a remote code execution vulnerability in the APT package manager used by several Linux distributions, including Debian and Ubuntu. MORE
President Trump Signs Measure to Fund Government for Three Weeks President Donald Trump late Friday signed a short-term funding bill to temporarily end the 35-day federal government partial shutdown. The bill does not include money for a border wall MORE
167 
Home improvement retailer B&Q has suffered a data breach affecting 70,000 of its… well, not customers, exactly. The breached database contained a list of people who had been caught stealing products from B&Q stores. MORE
Government Agencies Should Audit DNS Settings Within 10 Days The U.S. Department of Homeland Security says executive branch agencies are being targeted by attacks aimed at modifying Domain Name System records, which are critical for locating websites and services. MORE
Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems. MORE
A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational database management system (RDBMS). MORE
Record Privacy Fine Sends Strong Signal to Data-Processing Technology Companies France has hit Google with a 50 million euro ($57 million) fine for violating the EU's General Data Protection Regulation. MORE
PHP PEAR official site hacked, attackers replaced legitimate version of the package manager with a tainted version in the past 6 months. MORE
Researcher published a PoC exploit code for critical vulnerabilities that could be chained to implement an iOS jailbreak On iPhone X. MORE
Sharing is caring. But it's worth checking if your streaming accounts have picked up any suspicious stragglers along the way. Security MORE
The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. MORE
Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device. MORE
Scheme Offered 'Free' Website for Generating Cryptocurrency Wallet Seeds Police in England have arrested a 36-year-old man as part of an investigation into the theft of at least €10 ($11.3 MORE
Google has been fined €50 million (about £44 million) by CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation). . MORE
The cybersecurity talent shortage is here to stay. With an estimated 1.5-2 million unfulfilled cybersecurity positions, organizations are coming to terms with the fact that no amount of creative hiring initiatives will rid them of the need of figuring out how to protect their organizations despite being short staffed. Related: Addressing the cyber skills gap. This does not mean the creative staffing solutions do not serve their purpose. MORE
Cisco is out with findings from its 2019 Data Privacy Benchmark Study, which shows the impact of GDPR compliance as well as how customers are asking more questions about how their data is secured. Cisco Chief Privacy Officer Michelle Dennedy analyzes the survey MORE
The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a target’s address. MORE
Krebs on Security
JANUARY 23, 2019
The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents.
Dark Reading
JANUARY 22, 2019
By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning
The Last Watchdog
JANUARY 22, 2019
The cybersecurity talent shortage is here to stay. With an estimated 1.5-2 million unfulfilled cybersecurity positions, organizations are coming to terms with the fact that no amount of creative hiring initiatives will rid them of the need of figuring out how to protect their organizations despite being short staffed. Related: Addressing the cyber skills gap. This does not mean the creative staffing solutions do not serve their purpose.
Data Breach Today
JANUARY 24, 2019
Funding Holdups for Subpoenas and Confidential Sources are Interrupting Probes FBI agents say the government shutdown is impeding their investigations, including cybersecurity probes, with the lack of funding compromising their ability to pay confidential informants, and obtain warrants or subpoena
Security Affairs
JANUARY 25, 2019
The security expert Dirk- jan Mollema with Fox-IT discovered a privilege escalation vulnerability in Microsoft Exchange that could be exploited by a user with a mailbox to become a Domain Admin. The experts described the attack scenario in a blog post and published a proof-of-concept code.
|
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
|
|
Data Breach Today
JANUARY 22, 2019
Record Privacy Fine Sends Strong Signal to Data-Processing Technology Companies France has hit Google with a 50 million euro ($57 million) fine for violating the EU's General Data Protection Regulation.
Krebs on Security
JANUARY 25, 2019
The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a target’s address.
IT Governance
JANUARY 25, 2019
Home improvement retailer B&Q has suffered a data breach affecting 70,000 of its… well, not customers, exactly. The breached database contained a list of people who had been caught stealing products from B&Q stores.
Security Affairs
JANUARY 20, 2019
Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device.
Data Breach Today
JANUARY 24, 2019
Scheme Offered 'Free' Website for Generating Cryptocurrency Wallet Seeds Police in England have arrested a 36-year-old man as part of an investigation into the theft of at least €10 ($11.3
WIRED Threat Level
JANUARY 25, 2019
David Carroll has been locked in a legal war to force the infamous company to turn over its files on him. He’s won a battle, but the struggle continues. Backchannel Security
IT Governance
JANUARY 21, 2019
Google has been fined €50 million (about £44 million) by CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation). .
Security Affairs
JANUARY 21, 2019
A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational database management system (RDBMS).
Data Breach Today
JANUARY 24, 2019
Cisco is out with findings from its 2019 Data Privacy Benchmark Study, which shows the impact of GDPR compliance as well as how customers are asking more questions about how their data is secured. Cisco Chief Privacy Officer Michelle Dennedy analyzes the survey
Adam Levin
JANUARY 25, 2019
Trojan horse-based malware attacks and spyware rose sharply in 2018 as ransomware-based attacks declined, according to a new report published by Malwarebytes.
Thales eSecurity
JANUARY 22, 2019
IDG’s 2018 Cloud Computing Study tells us: Seventy-three percent of organizations have at least one application, or a portion of their computing infrastructure already in the cloud – 17% plan to do so within the next 12 months.
Security Affairs
JANUARY 23, 2019
PHP PEAR official site hacked, attackers replaced legitimate version of the package manager with a tainted version in the past 6 months.
Data Breach Today
JANUARY 23, 2019
Government Agencies Should Audit DNS Settings Within 10 Days The U.S. Department of Homeland Security says executive branch agencies are being targeted by attacks aimed at modifying Domain Name System records, which are critical for locating websites and services.
John Battelle's Searchblog
JANUARY 25, 2019
This is an edited version of a series of talks I first gave in New York over the past week, outlining my work at Columbia. Many thanks to Reinvent, Pete Leyden, Cap Gemini, Columbia University, Cossette/Vision7, and the New York Times for hosting and helping me. Prelude.
Schneier on Security
JANUARY 25, 2019
Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems.
Security Affairs
JANUARY 22, 2019
Expert discovered a remote code execution vulnerability in the APT package manager used by several Linux distributions, including Debian and Ubuntu.
Data Breach Today
JANUARY 21, 2019
Facebook Probed by FTC Over Failures that Enabled Cambridge Analytica Scandal The U.S.
IT Governance
JANUARY 22, 2019
An ISMS (information security management system) is a centrally managed framework for keeping an organisation’s information secure. It contains a set of policies, procedures and controls for protecting the confidentiality, integrity and availability of information.
Schneier on Security
JANUARY 21, 2019
This is clever : Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks.
Security Affairs
JANUARY 23, 2019
Researcher published a PoC exploit code for critical vulnerabilities that could be chained to implement an iOS jailbreak On iPhone X.
Data Breach Today
JANUARY 25, 2019
President Trump Signs Measure to Fund Government for Three Weeks President Donald Trump late Friday signed a short-term funding bill to temporarily end the 35-day federal government partial shutdown. The bill does not include money for a border wall
Jamf
JANUARY 24, 2019
Now with one username and password, organizations have the ability to provide users with a simple, unified authentication and account synchronization process — while still offering the best possible Apple experience. Read the full details
WIRED Threat Level
JANUARY 20, 2019
Sharing is caring. But it's worth checking if your streaming accounts have picked up any suspicious stragglers along the way. Security
Security Affairs
JANUARY 23, 2019
Nest recommended the owners of its security cameras to use enhanced authentication to avoid being hacked as happened with a family living in the US. Over the weekend, a family living in California was terrified with a hoax nuclear missile attack. .
IT Governance
JANUARY 23, 2019
WIRED Threat Level
JANUARY 21, 2019
It takes a master demagogue to weaponize unstable individuals and aim them at political enemies. Security
Security Affairs
JANUARY 19, 2019
Security expert Robert Baptiste ( aka Elliot Alderson ) discovered a vulnerability ( CVE-2019-6447 ) in the ES File Explorer that potentially expose hundreds of million Android installs.
Let's personalize your content