Sat.Mar 09, 2019 - Fri.Mar 15, 2019

Recapping RSA Conference 2019: No Silver Bullet for Security

Thales eSecurity

I was really looking forward to participating in RSA 2019 and it was a great event. There was tremendous energy and buzz in our booth and on the show floor.

These Cookie Warning Shenanigans Have Got to Stop

Troy Hunt

This will be short, ranty and to the point: these warnings are getting ridiculous: I know, tell you something you don't know! The whole ugly issue reared its head again on the weekend courtesy of the story in this tweet: I’m not sure if this makes it better or worse.

Mining 113

On Surveillance in the Workplace

Schneier on Security

Tools 86

Cover Your NAS Against Nasty Cr1ptT0r Ransomware

Data Breach Today

Crypto-Locking Extortion Targets Internet-Exposed D-Link Devices Criminals wielding a new strain of ransomware called Cr1ptT0r are targeting network-attached storage users.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Ad Network Sizmek Probes Account Breach

Krebs on Security

Online advertising firm Sizmek Inc. [ NASDAQ: SZMK ] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers.

More Trending

MY TAKE: What the Ethiopian 737 Max 8 crash should tell us about the safety of ‘smart’ jetliners

The Last Watchdog

When news broke about the crash of a Ethiopian Airlines Boeing 737, the first question that popped into my head was whether an older 737 model, still using the flawed rudder actuator, might have been involved. Related: Historical context of the rudder flaws on older model 737s. Of course it was actually the newest iteration of the 737, the Max 8. I’m no longer covering aviation.

Course 154

Citrix Hacked by Password-Spraying Attackers, FBI Warns

Data Breach Today

Cyber-Espionage Campaign Appears Separate to Recent Credential-Stuffing Breach Citrix Systems is investigating a suspected hack attack, resulting in the theft of business documents, after being tipped off by the FBI.

Insert Skimmer + Camera Cover PIN Stealer

Krebs on Security

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs.

Video 205

Vulnerabilities in car alarm systems exposed 3 million cars to hack

Security Affairs

Security experts at Pen Test Partners discovered several vulnerabilities in two smart car alarm systems put three million vehicles globally at risk of hack.

Demo 113

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

There are certain things we as consumers have come to do intuitively: brushing our teeth in the morning; looking both ways before crossing a city street; buckling up when we get into a car. Related: What needs to happen to enable driverless transportation — safely. In the not too distant future, each one of us will need to give pause, on a daily basis, to duly consider how we purchase and use Internet of Things devices and services. This is coming.

IoT 152

Breach of 'Verifications.io' Exposes 763 Million Records

Data Breach Today

Experts Question How 'Big Data Email Verification Platform' Amassed Information Verifications.io, a self-described "big data email verification platform," has suffered a massive breach. Security researcher Bob Diachenko said he discovered the site was exposing 763 million records

Patch Tuesday, March 2019 Edition

Krebs on Security

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer , Edge , Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on.

Tips 169

Experts published details of the actively exploited CVE-2019-0808 Windows Flaw

Security Affairs

Experts from Qihoo 360 disclosed technical details of the actively exploited Windows zero-day flaw CVE-2019-0808 recently patched by Microsoft. Researchers at the security firm Qihoo 360 disclosed technical details of the zero-day vulnerability CVE-2019-0808 that was recently patched by Microsoft.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Citrix Hack Exposes Customer Data

Adam Levin

Citrix, a major network software company, had its internal network compromised by what appears to be an international hacking campaign. The company was alerted to the cyberattack by the FBI earlier this month.

Georgia County Pays $400,000 to Ransomware Attackers

Data Breach Today

Cybercrime Gang Wielding Ryuk Eyed as Culprit Officials in Jackson County, Georgia, along with the FBI are investigating a ransomware attack that crippled IT systems over a two-week period and reportedly led local officials to pay a bitcoin ransom worth $400,000 to restore systems and infrastructur

With Privacy as Its Shield, Facebook Hopes To Conquer the Entire Internet.

John Battelle's Searchblog

Never mind that man behind the privacy curtain. I’ll never forget a meal I had with a senior executive at Facebook many years ago, back when I was just starting to question the motives of the burgeoning startup’s ambition.

Venezuelan Minister declares Venezuela’s Blackout may be caused by cyberattack carried by US

Security Affairs

V enezuelan Minister of Communication and Information Jorge Rodriguez blamed US cyberattack for Venezuela’s blackout. Last week, Venezuela had suffered a major blackout and Nicolas Maduro immediately blamed on opposition “sabotage” of a hydroelectric dam.

DARPA Is Developing an Open-Source Voting System

Schneier on Security

This sounds like a good development: a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.

Ursnif Banking Trojan Variant Steals More Than Financial Data

Data Breach Today

Researchers Say Latest Version Evades Detection A variant of the long-running Ursnif banking Trojan is able to better evade security protection and has the ability to steal not only financial information but also email user accounts, the content of inboxes and digital wallets, researchers report

Data 240

Take your GDPR project to the next level with our compliance packages

IT Governance

For many organisations, last year’s GDPR (General Data Protection Regulation) compliance deadline was a whirlwind of privacy policy updates, data protection training courses and hours spent online researching exactly what a ‘controller’ and ‘processor’ are.

GDPR 99

CVE-2019-0797 Windows Zero-Day exploited by FruityArmor and SandCat APT Groups

Security Affairs

One of the zero-day flaws ( CVE-2019-0797 ) patched this week by Microsoft has been exploited in targeted attacks by several threats groups, including FruityArmor and SandCat APT groups.

Groups 105

Critical Flaw in Swiss Internet Voting System

Schneier on Security

Researchers have found a critical flaw in the Swiss Internet voting system.

Anti-Virus on Android: Beware of Low-Quality Apps

Data Breach Today

More Than Half of AV Apps are Ineffective, Testing Firm Finds More than half of 250 antivirus applications available in Google's Play Store offer insufficient protection against malicious software, according to a new study by testing organizations AV Comparatives.

Study 229

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

The Last Watchdog

When Target fired both its CEO and CIO in 2014, it was a wake-up call for senior management. The firings came as a result of a massive data breach which routed through an HVAC contractor’s compromised account. C-suite execs across the land suddenly realized something similar could happen to them. So they began inundating their third-party suppliers with “bespoke assessments” – customized cyber risk audits that were time consuming and redundant.

Risk 135

A few binary plating 0-days for Windows

Security Affairs

While we were thinking about a way to escalate privileges during a pen-test, we discovered that most Windows installations were vulnerable to binary planting.

Average cost of cyber crime is now $13 million

IT Governance

The digital landscape is changing quickly, and cyber crime is on the rise. Last year there were 2.3 billion data breaches, compared to 826 million in 2017. With attacks becoming increasingly sophisticated and hard to defend against, they can cost organisations a lot of money each year.

Ransomware Attack on Vendor Affects 600,000

Data Breach Today

What’s the difference between data mining and text mining?

OpenText Information Management

Even though data mining and text mining are often seen as complementary analytic processes that solve business problems through data analysis, they differ on the type of data they handle.

Payment data of thousands of customers of UK and US online stores could have been compromised

Security Affairs

Group-IB, an international company that specializes in preventing cyberattacks , has uncovered a malicious code designed to steal customers’ payment data on seven online stores in the UK and the US.

Groups 104

Judging Facebook's Privacy Shift

Schneier on Security

Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions.

Mental Healthcare Providers Respond to Ransomware Attacks

Data Breach Today

Two Entities Hit - One Pays Ransom; the Other Doesn't Two recent ransomware attacks on mental healthcare providers serve as reminders of the security incident response and risk mitigation pressure faced by entities handling especially sensitive patient information