Sat.Jan 19, 2019 - Fri.Jan 25, 2019

How the U.S. Govt. Shutdown Harms Security

Krebs on Security

The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents.

How Cybercriminals Clean Their Dirty Money

Dark Reading

By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning

109
109

GUEST POST: Six tangible ways ‘SOAR’ can help narrow the cybersecurity skills gap

The Last Watchdog

The cybersecurity talent shortage is here to stay. With an estimated 1.5-2 million unfulfilled cybersecurity positions, organizations are coming to terms with the fact that no amount of creative hiring initiatives will rid them of the need of figuring out how to protect their organizations despite being short staffed. Related: Addressing the cyber skills gap. This does not mean the creative staffing solutions do not serve their purpose.

FBI Agents Say Shutdown is Damaging Cyber Investigations

Data Breach Today

Funding Holdups for Subpoenas and Confidential Sources are Interrupting Probes FBI agents say the government shutdown is impeding their investigations, including cybersecurity probes, with the lack of funding compromising their ability to pay confidential informants, and obtain warrants or subpoena

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

Microsoft Exchange zero-day and exploit could allow anyone to be an admin

Security Affairs

The security expert Dirk- jan Mollema with Fox-IT discovered a privilege escalation vulnerability in Microsoft Exchange that could be exploited by a user with a mailbox to become a Domain Admin. The experts described the attack scenario in a blog post and published a proof-of-concept code.

More Trending

France Hits Google with $57 Million GDPR Fine

Data Breach Today

Record Privacy Fine Sends Strong Signal to Data-Processing Technology Companies France has hit Google with a 50 million euro ($57 million) fine for violating the EU's General Data Protection Regulation.

GDPR 233

Three Charged for Working With Serial Swatter

Krebs on Security

The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a target’s address.

Video 201

70,000 affected in B&Q data breach

IT Governance

Home improvement retailer B&Q has suffered a data breach affecting 70,000 of its… well, not customers, exactly. The breached database contained a list of people who had been caught stealing products from B&Q stores.

Unpatched Cisco critical flaw CVE-2018-15439 exposes small Business Networks to hack

Security Affairs

Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device.

Police Arrest €10 Million IOTA Cryptocurrency Theft Suspect

Data Breach Today

Scheme Offered 'Free' Website for Generating Cryptocurrency Wallet Seeds Police in England have arrested a 36-year-old man as part of an investigation into the theft of at least €10 ($11.3

213
213

One Man’s Obsessive Fight to Reclaim His Cambridge Analytica Data

WIRED Threat Level

David Carroll has been locked in a legal war to force the infamous company to turn over its files on him. He’s won a battle, but the struggle continues. Backchannel Security

IT 106

Google fined £44 million in landmark GDPR ruling

IT Governance

Google has been fined €50 million (about £44 million) by CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation). .

GDPR 103

A flaw in MySQL could allow rogue servers to steal files from clients

Security Affairs

A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational database management system (RDBMS).

Cisco Studies Global Impact of GDPR

Data Breach Today

Cisco is out with findings from its 2019 Data Privacy Benchmark Study, which shows the impact of GDPR compliance as well as how customers are asking more questions about how their data is secured. Cisco Chief Privacy Officer Michelle Dennedy analyzes the survey

Study 206

Trojans and Spyware Are Making a Comeback

Adam Levin

Trojan horse-based malware attacks and spyware rose sharply in 2018 as ransomware-based attacks declined, according to a new report published by Malwarebytes.

Securing data in the hybrid cloud

Thales eSecurity

IDG’s 2018 Cloud Computing Study tells us: Seventy-three percent of organizations have at least one application, or a portion of their computing infrastructure already in the cloud – 17% plan to do so within the next 12 months.

Cloud 91

PHP PEAR official site hacked, tainted package manager distributed for 6 months

Security Affairs

PHP PEAR official site hacked, attackers replaced legitimate version of the package manager with a tainted version in the past 6 months.

Blog 107

DHS Issues More Urgent Warning on DNS Hijacking

Data Breach Today

Government Agencies Should Audit DNS Settings Within 10 Days The U.S. Department of Homeland Security says executive branch agencies are being targeted by attacks aimed at modifying Domain Name System records, which are critical for locating websites and services.

Our Data Governance Is Broken. Let’s Reinvent It.

John Battelle's Searchblog

This is an edited version of a series of talks I first gave in New York over the past week, outlining my work at Columbia. Many thanks to Reinvent, Pete Leyden, Cap Gemini, Columbia University, Cossette/Vision7, and the New York Times for hosting and helping me. Prelude.

Hacking the GCHQ Backdoor

Schneier on Security

Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems.

Critical flaw in Linux APT package manager could allow remote hack

Security Affairs

Expert discovered a remote code execution vulnerability in the APT package manager used by several Linux distributions, including Debian and Ubuntu.

Video 104

Report: Federal Trade Commission Weighs Facebook Fine

Data Breach Today

Facebook Probed by FTC Over Failures that Enabled Cambridge Analytica Scandal The U.S.

IT 172

What is an ISMS and 8 reasons why you should implement one

IT Governance

An ISMS (information security management system) is a centrally managed framework for keeping an organisation’s information secure. It contains a set of policies, procedures and controls for protecting the confidentiality, integrity and availability of information.

Paper 81

Clever Smartphone Malware Concealment Technique

Schneier on Security

This is clever : Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks.

Expert shares PoC exploit code for remote iOS 12 jailbreak On iPhone X

Security Affairs

Researcher published a PoC exploit code for critical vulnerabilities that could be chained to implement an iOS jailbreak On iPhone X.

Video 104

Deal to Reopen U.S. Government Approved

Data Breach Today

President Trump Signs Measure to Fund Government for Three Weeks President Donald Trump late Friday signed a short-term funding bill to temporarily end the 35-day federal government partial shutdown. The bill does not include money for a border wall

Eliminate the challenges of binding: Jamf Connect now integrates with Azure Active Directory

Jamf

Now with one username and password, organizations have the ability to provide users with a simple, unified authentication and account synchronization process — while still offering the best possible Apple experience. Read the full details

How to Find Your Netflix Freeloaders—and Kick Them Out

WIRED Threat Level

Sharing is caring. But it's worth checking if your streaming accounts have picked up any suspicious stragglers along the way. Security

Hacker threatened a family using a Nest Camera to broadcast a fake missile attack alert

Security Affairs

Nest recommended the owners of its security cameras to use enhanced authentication to avoid being hacked as happened with a family living in the US. Over the weekend, a family living in California was terrified with a hoax nuclear missile attack. .

Dharma Gang Pushes Phobos Crypto-Locking Ransomware

Data Breach Today

The PCI SSC’s new software security standards – what you need to know

IT Governance

Jargon Watch: Stochastic Terrorism Lets Bullies Operate in Plain Sight

WIRED Threat Level

It takes a master demagogue to weaponize unstable individuals and aim them at political enemies. Security

IT 80

ES File Explorer vulnerabilities potentially impact 100 Million Users

Security Affairs

Security expert Robert Baptiste ( aka Elliot Alderson ) discovered a vulnerability ( CVE-2019-6447 ) in the ES File Explorer that potentially expose hundreds of million Android installs.

Video 101