Sat.Mar 30, 2019 - Fri.Apr 05, 2019

Beyond Disaster Recovery

Daymark

For many of us, a rock-solid business continuity/disaster recovery (BC/DR) plan can mean the difference between a good night’s sleep and living in constant fear of impending doom. Hyperbole aside, many BC/DR plans are under-tested, under-architected, and misunderstood by businesses.

MY TAKE: How ‘CASBs’ are evolving to close the security gaps arising from digital transformation

The Last Watchdog

The Cloud Access Security Broker (CASB) space is maturing to keep pace with digital transformation. Related: CASBs needed now, more than ever. Caz-bees first took shape as a cottage industry circa 2013 to 2014 in response to a cry for help from companies reeling from new Shadow IT exposures : the risk created by early-adopter employees, quite often the CEO, insisting on using the latest smartphone and Software-as-a-Services tools, without any shred of security vetting.

Millions of Facebook Records Found Unsecured on AWS

Data Breach Today

Third-Party Apps Left Facebook Users' Data Accessible in the Cloud Two third-party Facebook application developers exposed users' personal information by leaving the data exposed without a password in unsecured Amazon Web Services S3 buckets, researchers from UpGuard say.

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015.

Tips 212

4 Signs Alfresco Is All Growed Up

Weissman's World

Being an information consultant/analyst is a lot like being a parent in that I get to watch companies come into the world, struggle to gain acceptance, and learn to be a force unto themselves (or not).

Groups 190

The German chemicals giant Bayer hit by a cyber attack

Security Affairs

The German chemicals giant Bayer confirmed that of a cyber attack, it confirmed the incident but clarified that no data has been stolen. The chemicals giant Bayer is the last victims of a cyber attack, it confirmed the incident, but pointed out the hackers haven’t stolen any data.

Groups 113

More Trending

Alleged Chief of Romanian ATM Skimming Gang Arrested in Mexico

Krebs on Security

An alleged top boss of a Romanian crime syndicate that U.S. authorities say is responsible for deploying card-skimming devices at Automated Teller Machines (ATMs) throughout North America was arrested in Mexico last week on firearms charges.

Video 206

What exactly is the link between IIM and Digital Transformation?

AIIM

This is part 1 of a four-part series based on our new State of the Industry – Content Services market research study. Every organization is on – or should be on – a Digital Transformation journey.

More than 2 million Apache HTTP servers still affected by CVE-2019-0211 flaw

Security Affairs

Security experts at Rapid7 have discovered that over 2 million Apache HTTP servers are still affected by the CVE-2019-0211 critical privilege escalation flaw.

Sales 112

Maryland Man Sentenced for Leading $4.2 Million BEC Scheme

Data Breach Today

Nkeng Amin Will Serve Substantial Prison Term A 31-year-old Maryland man will serve time in prison for his leadership role in a business email compromise scheme that netted him and five others $4.2 million from 13 victims over a two-year period

242
242

Annual Protest Raises $250K to Cure Krebs

Krebs on Security

Mining 165

Toyota suffers second data breach in five weeks

IT Governance

Toyota has disclosed a data breach that may have affected up to 3.1 million customers. It’s the second time the car manufacturer has been breached in the last five weeks.

Crooks use hidden directories of compromised HTTPS sites to deliver malware

Security Affairs

Attackers Store Malware in Hidden Directories of Compromised HTTPS Sites. Security experts at Zscaler discovered that threat actors are using hidden “well-known” directories of HTTPS sites to store and deliver malicious payloads.

CMS 112

Analysis: Dark Web Arrests Also Led to Ransomware Disruption

Data Breach Today

Coveware Says 'Dream Market' Site Shut Down, Hampering Ransomware Attackers Arrests made last week by European, U.S.

The Internet of Things Will Bring Incredible Innovation

AIIM

The proliferation of technologies across the world has led to a global environment of interconnected devices that allow us to communicate with one another constantly. This exponential growth, in essence, is the Internet of Things.

IoT 100

NEW TECH: CloudKnox takes aim at securing identity privileges for humans — and non-humans

The Last Watchdog

Companies are embracing hybrid cloud deployments like never before, mixing and matching on-premises IT systems with off-premises cloud services. Related: Machine identities present wide open attack vector. To accomplish this, they must grant and manage access privileges to human identities: remote employees, third-party suppliers and far-flung customers.

Cloud 136

Hackers can add, remove cancer and other illnesses from Computer Tomography scans

Security Affairs

Researchers demonstrated that hackers can modify 3D Computer Tomography scans to add or remove evidence of a serious illness, including cancers.

Paper 109

Sen. Warren Wants CEOs Jailed After Big Breaches

Data Breach Today

Bill Would Pave Way for Criminal Charges Against Execs for Corporate Wrongdoing Sen. Elizabeth Warren, D-Mass, has introduced legislation that would pave the way for top executives at major corporations to face criminal charges if their company's wrongdoing leads to harm, such as a major data breach.

Unhackable Cryptography?

Schneier on Security

A recent article overhyped the release of EverCrypt , a cryptography library created using formal methods to prove security against specific attacks. The Quantum magazine article sets off a series of "snake-oil" alarm bells.

Day 1: Leadership in Digital Security

Thales eSecurity

Today marks an exciting milestone as Thales and Gemalto become one company.

Cloud 92

NSA releases the source code of the GHIDRA reverse engineering framework

Security Affairs

NSA released the complete source code for its GHIDRA suite , the version 9.0.2 is available on the Agency’s Github repository. In January 2019, the National Security Agency (NSA) announced the release at the RSA Conference of the free reverse engineering framework GHIDRA.

E-commerce JavaScript Sniffer Attacks Proliferate: Report

Data Breach Today

Groups 233

Former Mozilla CTO Harassed at the US Border

Schneier on Security

This is a pretty awful story of how Andreas Gal, former Mozilla CTO and US citizen, was detained and threatened at the US border. CBP agents demanded that he unlock his phone and computer. Know your rights when you enter the US. The EFF publishes a handy guide.

Hacker Eva Galperin Has a Plan to Eradicate Stalkerware

WIRED Threat Level

Galperin has already convinced Kaspersky to flag domestic abuse spyware as malware. She expects more to follow. Security Security / Privacy

Experts found 540 Million Facebook user records on unprotected Amazon S3 buckets

Security Affairs

The huge trove of Facebook user data was amassed and stored online on unprotected cloud servers by third-party Facebook app developers. Definitively I can tell you that this is an awful period for Facebook and its users.

Memoir of a Former Black Hat

Data Breach Today

Hector Monsegur on Making the Transition From Hacktivist to Researcher Why trust a former black hat? Hector Monsegur, a former member of LulzSec, describes his transition from hacktivist to researcher

234
234

How Political Campaigns Use Personal Data

Schneier on Security

Really interesting report from Tactical Tech. Data-driven technologies are an inevitable feature of modern political campaigning.

Security testers breach university cyber defences in two hours

IT Governance

More than 50 universities in the UK have had their lack of cyber defences exposed, with security testers breaching their systems in under two hours. The tests were conducted by Jisc, the agency that provides Internet services to the UK’s universities and research centres.

Step By Step Office Dropper Dissection

Security Affairs

Malware researcher and founder of Yoroi Marco Ramill described a step-by-step procedure that shows how to dissect an Office dropper. During the past few weeks, I received several emails asking how to dissect Office Payloads.

City of Albany Latest Local Government Hit With Ransomware

Data Breach Today

Attack Comes After Others That Targeted Counties Albany, New York, is the latest unit of local government hit with ransomware in recent weeks, following similar attacks reported in Georgia and North Carolina that crippled government IT systems and disrupted service for local residents

Adversarial Machine Learning against Tesla's Autopilot

Schneier on Security

Researchers have been able to fool Tesla's autopilot in a variety of ways, including convincing it to drive into oncoming traffic. It requires the placement of stickers on the road.

Third-Party Apps Exposed Over 540 Million Facebook Records

WIRED Threat Level

A cybersecurity firm found that two different third-party Facebook apps left millions of records about users sitting unprotected on Amazon’s servers. Security Security / Privacy

Xwo Malware scans the Internet for Exposed Services, Default Passwords

Security Affairs

Researchers at AT&T Alien Labs have spotted a malware called Xwo that is actively scanning the Internet for exposed web services and default passwords.

Medical Practice to Close in Wake of Ransomware Attack

Data Breach Today

Doctors Decide to Retire Rather Than Pay Ransom or Restore Systems A small Michigan medical practice that plans to permanently shut down in the wake of a recent ransomware attack is an example of the devastation that can result from a serious cyberattack