Sat.Dec 22, 2018 - Fri.Dec 28, 2018

It’s Not Facebook’s Fault: Our Shadow Internet Constitution

John Battelle's Searchblog

Those of us fortunate enough to have lived through the birth of the web have a habit of stewing in our own nostalgia. We’ll recall some cool site from ten or more years back, then think to ourselves (or sometimes out loud on Twitter): “Well damn, things were way better back then.”

IT 103

The Rise of Self-Concealing Steganography

Data Breach Today

Tool Hides Virtual Volumes But Leaves Linux Looking 'Bit-for-Bit' Normal
Digital steganography is the practice of hiding information in plain sight, especially inside other data or images.

GUEST ESSAY: The case for engaging in ‘threat hunting’ — and how to do it effectively

The Last Watchdog

Modern cyber threats often are not obvious – in fact it is common for them to lurk inside a business’ systems for a long time without anyone noticing. This is referred to as ‘dwell time’, and a recent report from the Ponemon Institute indicates that the average dwell time is 191 days. Related podcast: The re-emergence of SIEMs. In an ideal world there would be no dwell time at all, and threats would be identified before they can penetrate business’ defenses.

How To 138

Serial Swatter and Stalker Mir Islam Arrested for Allegedly Dumping Body in River

Krebs on Security

Hackers infect Linux servers with JungleSec Ransomware via IPMI Remote console

Security Affairs

Since November, a new ransomware called JungleSec has been infecting servers through unsecured IPMI (Intelligent Platform Management Interface) cards.

More Trending

Pan Am Flight 103: Robert Mueller’s 30-Year Search for Justice

WIRED Threat Level

In December 1988 a bomb downed a Pan Am jet, leaving 270 dead. It was the first mass killing of Americans by terrorists. As the head of the Justice Department’s criminal division, Robert Mueller oversaw the case. And for him, it was personal.

IT 98

Weekly Update 119

Troy Hunt

I'm home! And it's a nice hot Christmas! And I've got a new car! And that's where the discussion kinda started heading south this week.

Cisco ASA is affected by a privilege escalation flaw. Patch it now!

Security Affairs

Cisco Adaptive Security Appliance (ASA) Software is affected by a vulnerability that could be exploited by an attacker to retrieve files or replace software images on a device.

Web Portals: More Breaches Illustrate the Vulnerabilities

Data Breach Today

Credit Card Information Exposed in Latest Portal Incident
Web portals designed to provide convenient service to consumers can pose substantial security risks, as numerous breaches in recent years have clearly illustrated. What steps can be taken to reduce those risks?

Risk 210

Massive Ad Fraud Scheme Relied on BGP Hijacking

Schneier on Security

This is a really interesting story of an ad fraud scheme that relied on hijacking the Border Gateway Protocol: Members of 3ve (pronounced "eve") used their large reservoir of trusted IP addresses to conceal a fraud that otherwise would have been easy for advertisers to detect.

Tools 93

Retail in 2019 needs security precautions

Thales eSecurity

As the retail industry follows suit with today’s digital transformation, customer expectations are at an all-time high. Retailers are looking to address these demands with interconnected experiences to give customers more personalized and immediate experiences both in-stores and online.

Hackers launched phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale

Security Affairs

Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale. Amnesty International published a report that details how threat actors are able to bypass 2FA authentication that leverages text messages as a second factor.

Ron Ross of NIST on Protecting Critical Infrastructure

Data Breach Today

Sizing Up the Threats and Reviewing the Mitigation Effort
In an increasingly complex world of interconnected information systems and devices, more must be done to protect critical infrastructure, says Ron Ross of the National Institute of Standards and Technology.

MD5 and SHA-1 Still Used in 2018

Schneier on Security

How China Helped Make the Internet Less Free in 2018

WIRED Threat Level

Tech companies, democratic governments, and civil society need to work together to fight back against growing surveillance and censorship online.

A new Shamoon 3 sample uploaded to VirusTotal from France

Security Affairs

A new sample of Shamoon 3 was uploaded on December 23 to the VirusTotal platform from France; it is signed with a Baidu certificate. A new sample of the dreaded Shamoon wiper was uploaded on December 23 to the VirusTotal platform from France.

Hacked Mt. Gox Bitcoin Exchange Chief Maintains Innocence

Data Breach Today

Prosecutors in Japan Seek 10-Year Embezzlement Sentence for Mark Karpeles
Mark Karpeles, the former head of hacked Tokyo-based bitcoin exchange Mt. Gox, has continued to maintain his innocence during the closing arguments in an embezzlement trial against him, Japanese local media report.

Human Rights by Design

Schneier on Security

Good essay: "Advancing Human-Rights-By-Design In The Dual-Use Technology Industry," by Jonathon Penney, Sarah McKune, Lex Gill, and Ronald J. Deibert: But businesses can do far more than these basic measures.

We’re all Just Starting to Realize the Power of Personal Data

WIRED Threat Level

This year revealed consumers have a lot more to learn about what happens to their information online.

Data 79

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Security Affairs

Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. The campaign targeted organizations in the US and the UK; the attackers have been abusing Google Cloud Storage to deliver payloads.

Cloud 102

Feds Disrupt Top Stresser/Booter Services

Data Breach Today

DDoS-as-a-Service Providers Targeted by Arrests and Takedowns
Fifteen of the world's biggest "stresser/booter" services, designed to enable users to launch DDoS attacks against sites on demand, have been shut down, and three men who allegedly ran such services have been charged.

QR Codes: The future with no security shake up

Thales eSecurity

(Originally posted on Cards International.) To reach its tipping point, cashless payment technology has come a long way since the first magnetic stripe card almost 50 years ago. The development of chip and PIN addressed concerns over security, before the emergence of contactless catered to consumer demands for greater convenience. Today, a new stage in the evolution of payments is growing in popularity.

5 trends that will impact digital transformation initiatives

Information Management Resources

As businesses continue to embrace innovation, the following five trends should remain top of mind for organizations looking to continue to drive their digital transformation initiatives in 2019.

Information Disclosure flaw allows attackers to find Huawei routers with default credentials

Security Affairs

Some models of Huawei routers are affected by a flaw that could be exploited by attackers to determine whether the devices have default credentials or not.

Report: Trump Weighs Executive Order Banning Huawei, ZTE

Data Breach Today

Move Would Prohibit All US Use of Chinese Manufacturers' Telecommunications Gear
President Donald Trump is reportedly continuing to weigh an executive order that would ban all U.S. organizations from using telecommunications hardware built by China's Huawei and ZTE.

Toxic Data: How 'Deepfakes' Threaten Cybersecurity

Dark Reading

The joining of 'deep learning' and 'fake news' makes it possible to create audio and video of real people saying words they never spoke or things they never did.

Video 95

6 key areas that will separate the AI leaders from laggards

Information Management Resources

Here are the areas companies need to focus on in 2019 to be ahead of the competition when it comes to AI, according to the consulting firm PwC.

IT 95

Personal details of roughly 1000 North Korean defectors leaked in hacking case.

Security Affairs

Personal details of roughly 1,000 North Korean defectors living in South Korea have been leaked in a hacking case. Personal details of nearly 1,000 North Korean defectors were leaked as a result of a cyber attack exposing them to severe threats from Pyongyang.

Looking Ahead to 2019: Breaches, Regulations and More

Data Breach Today

A Summary of the Best Predictions for Next Year
What's ahead for the cybersecurity landscape in 2019? We've received many lists of predictions from vendors and analysts for next year, and we've picked out five of the most interesting ones.

Weekly Update 118

Troy Hunt

And that's it for Canada. I recorded this Saturday morning local before heading out for last runs with the family. It's been fun but as I just tweeted sitting here in the airport: That’s it for Canada! It’s been fun, but it’s time for sunshine again

Document Scanning vs Digitizing: What They Are, the Differences, and the Benefits

Record Nations

While the two terms are often used interchangeably, there are a number of unique benefits and differences between scanning and digitizing.