Sat.Mar 09, 2019 - Fri.Mar 15, 2019

Recapping RSA Conference 2019: No Silver Bullet for Security

Thales eSecurity

I was really looking forward to participating in RSA 2019 and it was a great event. There was tremendous energy and buzz in our booth and on the show floor.

These Cookie Warning Shenanigans Have Got to Stop

Troy Hunt

This will be short, ranty and to the point: these warnings are getting ridiculous: I know, tell you something you don't know! The whole ugly issue reared its head again on the weekend courtesy of the story in this tweet: I’m not sure if this makes it better or worse.

Mining 114

On Surveillance in the Workplace

Schneier on Security

Tools 78

Cover Your NAS Against Nasty Cr1ptT0r Ransomware

Data Breach Today

Crypto-Locking Extortion Targets Internet-Exposed D-Link Devices Criminals wielding a new strain of ransomware called Cr1ptT0r are targeting network-attached storage users.

Insert Skimmer + Camera Cover PIN Stealer

Krebs on Security

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs.

Video 207

Severe RCE vulnerability affected popular StackStorm Automation Software

Security Affairs

The security researcher Barak Tawilyhas discovered a severe vulnerability, tracked as CVE-2019-9580, in the popular, open source event-driven platform StackStorm.

More Trending

Citrix Hacked by Password-Spraying Attackers, FBI Warns

Data Breach Today

Cyber-Espionage Campaign Appears Separate to Recent Credential-Stuffing Breach Citrix Systems is investigating a suspected hack attack, resulting in the theft of business documents, after being tipped off by the FBI.

Ad Network Sizmek Probes Account Breach

Krebs on Security

Online advertising firm Sizmek Inc. [ NASDAQ: SZMK ] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers.

Vulnerabilities in car alarm systems exposed 3 million cars to hack

Security Affairs

Security experts at Pen Test Partners discovered several vulnerabilities in two smart car alarm systems put three million vehicles globally at risk of hack.

Demo 114

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

There are certain things we as consumers have come to do intuitively: brushing our teeth in the morning; looking both ways before crossing a city street; buckling up when we get into a car. Related: What needs to happen to enable driverless transportation — safely. In the not too distant future, each one of us will need to give pause, on a daily basis, to duly consider how we purchase and use Internet of Things devices and services. This is coming.

IoT 153

Georgia County Pays $400,000 to Ransomware Attackers

Data Breach Today

Cybercrime Gang Wielding Ryuk Eyed as Culprit Officials in Jackson County, Georgia, along with the FBI are investigating a ransomware attack that crippled IT systems over a two-week period and reportedly led local officials to pay a bitcoin ransom worth $400,000 to restore systems and infrastructur

Patch Tuesday, March 2019 Edition

Krebs on Security

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer , Edge , Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on.

Tips 168

CVE-2019-0797 Windows Zero-Day exploited by FruityArmor and SandCat APT Groups

Security Affairs

One of the zero-day flaws ( CVE-2019-0797 ) patched this week by Microsoft has been exploited in targeted attacks by several threats groups, including FruityArmor and SandCat APT groups.

Groups 108

With Privacy as Its Shield, Facebook Hopes To Conquer the Entire Internet.

John Battelle's Searchblog

Never mind that man behind the privacy curtain. I’ll never forget a meal I had with a senior executive at Facebook many years ago, back when I was just starting to question the motives of the burgeoning startup’s ambition.

Ursnif Banking Trojan Variant Steals More Than Financial Data

Data Breach Today

Researchers Say Latest Version Evades Detection A variant of the long-running Ursnif banking Trojan is able to better evade security protection and has the ability to steal not only financial information but also email user accounts, the content of inboxes and digital wallets, researchers report

Data 233

DARPA Is Developing an Open-Source Voting System

Schneier on Security

This sounds like a good development: a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.

39% of all existing Counter-Strike 1.6 game servers online are malicious

Security Affairs

Experts at security firm Dr. Web revealed that 39% of all existing Counter-Strike 1.6 game servers online are malicious, an attacker is exploiting zero-day flaws in game clients.

Guest Blog: End-to-End Data Encryption with Data Reduction from Thales & Pure Storage

Thales eSecurity

At the 2019 RSA Conference, Pure Storage and Thales introduced Vormetric Transparent Encryption for Efficient Storage – the IT and security industries’ first end-to-end data encryption framework that realizes storage array data reduction.

Breach of 'Verifications.io' Exposes 763 Million Records

Data Breach Today

Experts Question How 'Big Data Email Verification Platform' Amassed Information Verifications.io, a self-described "big data email verification platform," has suffered a massive breach. Security researcher Bob Diachenko said he discovered the site was exposing 763 million records

Critical Flaw in Swiss Internet Voting System

Schneier on Security

Researchers have found a critical flaw in the Swiss Internet voting system.

It is the first time in the history that civic groups hold a protest against a national CERT

Security Affairs

Demonstration in front of the National CERT of Philippines for failing to act on cyber attacks targeting regime critical media and civil society organizations.

Groups 106

Citrix Hack Exposes Customer Data

Adam Levin

Citrix, a major network software company, had its internal network compromised by what appears to be an international hacking campaign. The company was alerted to the cyberattack by the FBI earlier this month.

Prosecutors Probe Facebook's Data Deals

Data Breach Today

New York Grand Jury Subpoenas Records in Criminal Probe - Report Facebook's data deals continue to be probed.

Data 223

Take your GDPR project to the next level with our compliance packages

IT Governance

For many organisations, last year’s GDPR (General Data Protection Regulation) compliance deadline was a whirlwind of privacy policy updates, data protection training courses and hours spent online researching exactly what a ‘controller’ and ‘processor’ are.

GDPR 93

Experts published details of the actively exploited CVE-2019-0808 Windows Flaw

Security Affairs

Experts from Qihoo 360 disclosed technical details of the actively exploited Windows zero-day flaw CVE-2019-0808 recently patched by Microsoft. Researchers at the security firm Qihoo 360 disclosed technical details of the zero-day vulnerability CVE-2019-0808 that was recently patched by Microsoft.

MY TAKE: Microsoft’s Active Directory lurks as a hackers’ gateway in enterprise networks

The Last Watchdog

Many of our online activities and behaviors rely on trust. From the consumer side, for example, we trust that the business is legitimate and will take care of the sensitive personal information we share with them. But that level of trust goes much deeper on the organizational side. Related: The case for ‘zero-trust’ authentication. Employees are given credentials that allow them authorized access to corporate networks and databases.

Anti-Virus on Android: Beware of Low-Quality Apps

Data Breach Today

More Than Half of AV Apps are Ineffective, Testing Firm Finds More than half of 250 antivirus applications available in Google's Play Store offer insufficient protection against malicious software, according to a new study by testing organizations AV Comparatives.

Study 221

Average cost of cyber crime is now $13 million

IT Governance

The digital landscape is changing quickly, and cyber crime is on the rise. Last year there were 2.3 billion data breaches, compared to 826 million in 2017. With attacks becoming increasingly sophisticated and hard to defend against, they can cost organisations a lot of money each year.

Venezuelan Minister declares Venezuela’s Blackout may be caused by cyberattack carried by US

Security Affairs

V enezuelan Minister of Communication and Information Jorge Rodriguez blamed US cyberattack for Venezuela’s blackout. Last week, Venezuela had suffered a major blackout and Nicolas Maduro immediately blamed on opposition “sabotage” of a hydroelectric dam.

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

The Last Watchdog

When Target fired both its CEO and CIO in 2014, it was a wake-up call for senior management. The firings came as a result of a massive data breach which routed through an HVAC contractor’s compromised account. C-suite execs across the land suddenly realized something similar could happen to them. So they began inundating their third-party suppliers with “bespoke assessments” – customized cyber risk audits that were time consuming and redundant.

Risk 122

Mental Healthcare Providers Respond to Ransomware Attacks

Data Breach Today

Two Entities Hit - One Pays Ransom; the Other Doesn't Two recent ransomware attacks on mental healthcare providers serve as reminders of the security incident response and risk mitigation pressure faced by entities handling especially sensitive patient information

Defining Intelligent Information Management

AIIM

Recently AIIM released an industry watch report titled, The State of Information Management, Getting Ahead of the Digital Information Curve. In it, AIIM makes the case that every organization is on — or should be on — a Digital Transformation journey.

ECM 84

Payment data of thousands of customers of UK and US online stores could have been compromised

Security Affairs

Group-IB, an international company that specializes in preventing cyberattacks , has uncovered a malicious code designed to steal customers’ payment data on seven online stores in the UK and the US.

Groups 102

One Step Closer to Saudi Vision 2030 | General Auditing Bureau Conclude the Fourth stage of SHAMEL with Everteam

Everteam

Riyadh, KSA – March 2019 – An event was held at the General Auditing bureau to conclude the fourth stage of linking the government entities under GAB’s supervision to the Smart Electronic Auditing Platform “SHAMEL” project with Everteam.