Sat.Mar 30, 2019 - Fri.Apr 05, 2019

Beyond Disaster Recovery

Daymark

For many of us, a rock-solid business continuity/disaster recovery (BC/DR) plan can mean the difference between a good night’s sleep and living in constant fear of impending doom. Hyperbole aside, many BC/DR plans are under-tested, under-architected, and misunderstood by businesses.

MY TAKE: How ‘CASBs’ are evolving to close the security gaps arising from digital transformation

The Last Watchdog

The Cloud Access Security Broker (CASB) space is maturing to keep pace with digital transformation. Related: CASBs needed now, more than ever. Caz-bees first took shape as a cottage industry circa 2013 to 2014 in response to a cry for help from companies reeling from new Shadow IT exposures : the risk created by early-adopter employees, quite often the CEO, insisting on using the latest smartphone and Software-as-a-Services tools, without any shred of security vetting.

Millions of Facebook Records Found Unsecured on AWS

Data Breach Today

Third-Party Apps Left Facebook Users' Data Accessible in the Cloud Two third-party Facebook application developers exposed users' personal information by leaving the data exposed without a password in unsecured Amazon Web Services S3 buckets, researchers from UpGuard say.

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015.

Tips 224

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

4 Signs Alfresco Is All Growed Up

Weissman's World

Being an information consultant/analyst is a lot like being a parent in that I get to watch companies come into the world, struggle to gain acceptance, and learn to be a force unto themselves (or not).

Groups 197

More Trending

Toyota Reveals a Second Data Breach

Data Breach Today

Hackers Targeted Servers Storing Data on 3.1 Million Customers Toyota Motor Corp. has reported its second data breach in the past five weeks. The latest incident, revealed Friday, may have exposed data on as many as 3.1 million customers

Alleged Chief of Romanian ATM Skimming Gang Arrested in Mexico

Krebs on Security

An alleged top boss of a Romanian crime syndicate that U.S. authorities say is responsible for deploying card-skimming devices at Automated Teller Machines (ATMs) throughout North America was arrested in Mexico last week on firearms charges.

Video 220

Crooks use hidden directories of compromised HTTPS sites to deliver malware

Security Affairs

Attackers Store Malware in Hidden Directories of Compromised HTTPS Sites. Security experts at Zscaler discovered that threat actors are using hidden “well-known” directories of HTTPS sites to store and deliver malicious payloads.

CMS 113

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

Identity governance and administration, or IGA , has suddenly become a front-burner matter at many enterprises. Related: Identity governance issues in the age of digital transformation. This is, in large part, because the complexity of business networks continues to escalate at a time when compliance mandates are intensifying. I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Analysis: Dark Web Arrests Also Led to Ransomware Disruption

Data Breach Today

Coveware Says 'Dream Market' Site Shut Down, Hampering Ransomware Attackers Arrests made last week by European, U.S.

Annual Protest Raises $250K to Cure Krebs

Krebs on Security

Mining 176

More than 2 million Apache HTTP servers still affected by CVE-2019-0211 flaw

Security Affairs

Security experts at Rapid7 have discovered that over 2 million Apache HTTP servers are still affected by the CVE-2019-0211 critical privilege escalation flaw.

Sales 111

What exactly is the link between IIM and Digital Transformation?

AIIM

This is part 1 of a four-part series based on our new State of the Industry – Content Services market research study. Every organization is on – or should be on – a Digital Transformation journey.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Maryland Man Sentenced for Leading $4.2 Million BEC Scheme

Data Breach Today

Nkeng Amin Will Serve Substantial Prison Term A 31-year-old Maryland man will serve time in prison for his leadership role in a business email compromise scheme that netted him and five others $4.2 million from 13 victims over a two-year period

249
249

Toyota suffers second data breach in five weeks

IT Governance

Toyota has disclosed a data breach that may have affected up to 3.1 million customers. It’s the second time the car manufacturer has been breached in the last five weeks.

The German chemicals giant Bayer hit by a cyber attack

Security Affairs

The German chemicals giant Bayer confirmed that of a cyber attack, it confirmed the incident but clarified that no data has been stolen. The chemicals giant Bayer is the last victims of a cyber attack, it confirmed the incident, but pointed out the hackers haven’t stolen any data.

Groups 111

The Internet of Things Will Bring Incredible Innovation

AIIM

The proliferation of technologies across the world has led to a global environment of interconnected devices that allow us to communicate with one another constantly. This exponential growth, in essence, is the Internet of Things.

IoT 105

Sen. Warren Wants CEOs Jailed After Big Breaches

Data Breach Today

Bill Would Pave Way for Criminal Charges Against Execs for Corporate Wrongdoing Sen. Elizabeth Warren, D-Mass, has introduced legislation that would pave the way for top executives at major corporations to face criminal charges if their company's wrongdoing leads to harm, such as a major data breach.

Former Mozilla CTO Harassed at the US Border

Schneier on Security

This is a pretty awful story of how Andreas Gal, former Mozilla CTO and US citizen, was detained and threatened at the US border. CBP agents demanded that he unlock his phone and computer. Know your rights when you enter the US. The EFF publishes a handy guide.

Hackers can add, remove cancer and other illnesses from Computer Tomography scans

Security Affairs

Researchers demonstrated that hackers can modify 3D Computer Tomography scans to add or remove evidence of a serious illness, including cancers.

Paper 109

OpenText announces winners of the 2019 Partner Awards at Enterprise World

OpenText Information Management

The OpenText™ Partner Awards, presented annually at OpenText Enterprise World (EW), recognize our global Partners for their commitment to helping customers transform and maximize the potential of the intelligent and connected enterprise.

E-commerce JavaScript Sniffer Attacks Proliferate: Report

Data Breach Today

Groups 242

Unhackable Cryptography?

Schneier on Security

A recent article overhyped the release of EverCrypt , a cryptography library created using formal methods to prove security against specific attacks. The Quantum magazine article sets off a series of "snake-oil" alarm bells.

NSA releases the source code of the GHIDRA reverse engineering framework

Security Affairs

NSA released the complete source code for its GHIDRA suite , the version 9.0.2 is available on the Agency’s Github repository. In January 2019, the National Security Agency (NSA) announced the release at the RSA Conference of the free reverse engineering framework GHIDRA.

About that information leak: It’s coming from inside the organization

OpenText Information Management

Law firms are often considered a soft target when it comes to data security: one in five law firms was hacked last year and six major law firms were hacked in recent history.

Blog 89

Memoir of a Former Black Hat

Data Breach Today

Hector Monsegur on Making the Transition From Hacktivist to Researcher Why trust a former black hat? Hector Monsegur, a former member of LulzSec, describes his transition from hacktivist to researcher

243
243

How Political Campaigns Use Personal Data

Schneier on Security

Really interesting report from Tactical Tech. Data-driven technologies are an inevitable feature of modern political campaigning.

Expert disclosed two Zero-Day flaws in Microsoft browsers

Security Affairs

The 20-year-old security researcher James Lee publicly disclosed details and proof-of-concept exploits for two zero-day vulnerabilities in Microsoft web browsers. The expert opted to disclose the flaw after the tech giant allegedly failed to address the zero-day issues privately he reported.

Access 107

Security testers breach university cyber defences in two hours

IT Governance

More than 50 universities in the UK have had their lack of cyber defences exposed, with security testers breaching their systems in under two hours. The tests were conducted by Jisc, the agency that provides Internet services to the UK’s universities and research centres.

City of Albany Latest Local Government Hit With Ransomware

Data Breach Today

Attack Comes After Others That Targeted Counties Albany, New York, is the latest unit of local government hit with ransomware in recent weeks, following similar attacks reported in Georgia and North Carolina that crippled government IT systems and disrupted service for local residents

Adversarial Machine Learning against Tesla's Autopilot

Schneier on Security

Researchers have been able to fool Tesla's autopilot in a variety of ways, including convincing it to drive into oncoming traffic. It requires the placement of stickers on the road.