Sat.Oct 27, 2018 - Fri.Nov 02, 2018

85 Millions of voter records available for sale ahead of the 2018 US Midterm Elections

Security Affairs

Ahead of the 2018 US midterm elections , sellers are flooding the cybercrime underground markets with data from voter databases. Experts at cybersecurity company Carbon Black found tens of different state voter databases available for sale on the dark web.

Sales 101

SMS Phishing + Cardless ATM = Profit

Krebs on Security

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works.

NEW TECH: How ‘adaptive multi-factor authentication’ is gaining traction via partnerships

The Last Watchdog

Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Related: Why a ‘zero-trust’ approach to security is necessary.

Mirai Co-Author Gets House Arrest, $8.6 Million Fine

Data Breach Today

Paras Jha Launched DDoS Attacks Against Rutgers, Ran Click-Fraud Botnets One of the co-authors of the devastating Mirai botnet malware has been sentenced to home incarceration and community service, and ordered to pay $8.6

243

0x20k of Ghost Squad Hackers Releases ODay Exploit Targeting Apache Hadoop

Security Affairs

0x20k of Ghost Squad Hackers has released the full source code of the 0day exploit used to targeting Apache Hadoop and build the FICORA Botnet.

Equifax Has Chosen Experian. Wait, What?

Krebs on Security

GUEST ESSAY: A guide to implementing best security practices — before the inevitable breach

The Last Watchdog

The United States has experienced the most cybersecurity breaches in the world and the Equifax Breach was one of the first to be considered a “mega breach.”. The headlines immediately attempted to lay the blame, in large part, on the fact that Equifax’s chief information security officer was a music major and did not have a background in technology. Equifax was not special in this regard. Related: How social media is used to spread malware, influence elections.

More Trending

Iran hit by a more aggressive and sophisticated Stuxnet version

Security Affairs

Iran’s strategic network was hit by a new destructive and sophisticated version of the Stuxnet cyber weapon, the Hadashot TV reports.

Buying Used Voting Machines on eBay

Schneier on Security

This is not surprising : This year, I bought two more machines to see if security had improved.

List of data breaches and cyber attacks in October 2018 – 44,701,278 records leaked

IT Governance

Rather than posting the usual long list of data breaches and cyber attacks, I’ve decided to go down a new route. These monthly blogs will now look at three lesser-known stories in detail, as well as give a total number for all records exposed in the month.

US Again Indicts Chinese Intel Agents Over Hacking

Data Breach Today

Scheme Sought to Steal Data on Turbofan Engines, Saving on Development Costs The Justice Department says two Chinese intelligence officers and eight others were indicted for stealing trade secrets that are intended to help the country shortcut technology research.

Data 227

A few hours after Apple released iOS 12.1, a researcher presented a Passcode Bypass issue

Security Affairs

A few hours after Apple released iOS 12.1 the iPhone bug hunter Jose Rodriguez has found a new passcode bypass issue that could be exploited to see all contacts’ private information on a locked iPhone.

Cell Phone Security and Heads of State

Schneier on Security

Earlier this week, the New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cell phone and using the information gleaned to better influence his behavior. This should surprise no one.

List of data breaches and cyber attacks in October 2018 – 44,701,278 records leaked

IT Governance

Rather than posting the usual long list of data breaches and cyber attacks, I’ve decided to go down a new route. These monthly blogs will now look at three lesser-known stories in detail, as well as give a total number for all records exposed in the month.

Canada's Mandatory Breach Notification Rules Now in Effect

Data Breach Today

Organizations Must Comply With Data Breach Reporting Requirements or Face Fines Private sector organizations in Canada must now report all serious data breaches to the country's privacy watchdog as part of revised rules to Canada's PIPEDA privacy law.

Cyber attack exposes sensitive data about a nuclear power plant in France

Security Affairs

A cyber attack on a French firm Ingerop allowed attackers to access confidential documents related to nuclear power plant plans in France.

Security Vulnerability in Internet-Connected Construction Cranes

Schneier on Security

This seems bad: The F25 software was found to contain a capture replay vulnerability -- basically an attacker would be able to eavesdrop on radio transmissions between the crane and the controller, and then send their own spoofed commands over the air to seize control of the crane.

3 cyber security tips every employee should know

IT Governance

Worried that you or someone in your organisation will be responsible for a data breach? Then take a look at these three basic tips for staying secure. Cyber security can feel overwhelming.

Tips 103

Health Data Breach Tally: Analyzing the Latest Trends

Data Breach Today

Sorting Out What Kinds of Incidents Are Most Common This Year What kinds of health data breaches have been most common so far in 2018? An analysis of the official HHS breach tally reveals the latest trends, and security experts offer an analysis

CISCO warn of a zero-day DoS flaw that is being actively exploited in attacks

Security Affairs

Security experts from CISCO warn of a zero-day vulnerability that is being actively exploited in attacks in the wild. The flaw, tracked as CVE-2018-15454, affects the Session Initiation Protocol (SIP) inspection engine of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD).

Access 106

More on the Supermicro Spying Story

Schneier on Security

I've blogged twice about the Bloomberg story that China bugged Supermicro networking equipment destined to the US. We still don't know if the story is true, although I am increasingly skeptical because of the lack of corroborating evidence to emerge.

Blog 102

3 cyber security tips every employee should know

IT Governance

Worried that you or someone in your organisation will be responsible for a data breach? Then take a look at these three basic tips for staying secure. Cyber security can feel overwhelming.

Tips 103

Radisson Suffers Global Loyalty Program Data Breach

Data Breach Today

Hotel Giant Has Yet to Disclose Total Number of Affected Victims Radisson Hotel Group has suffered a data breach that resulted in the theft of data for its global loyalty program members. The company, which operates 1,400 hotels, says the breach touched data for "less than 10 percent" of all Radisson Rewards members, but it hasn't released a victim count

A few dollars to bring down sites with new Bushido-based DDoS-for-hire service

Security Affairs

Security researchers at FortiGuard Labs have discovered a new DDoS-for-hire service called “ 0x-booter” built with leaked code that implements an easy to use interface.

Ransomware, Leakware, Scareware… Oh My!

Thales Data Security

The unexplained and seemingly paranormal are actually a year-round phenomenon in IT Security. This year has been no exception. The shrieks and screams coming from CISOs and their staffs over malware has led to zombie-like stares.

3 reasons cyber security training is essential

IT Governance

Organisations are always looking for ways to improve their cyber security defences, but they often overlook the value of enrolling their employees on cyber security training courses. Here are three reasons to consider it: Reduce the risk of data breaches.

The Business Case for Better 'Cyber Hygiene'

Data Breach Today

The Radisson Hotel Group has suffered a data breach

Security Affairs

The hotel chain Radisson Hotel Group suffered a security breach that exposed personal information of the members of its loyalty scheme.

Groups 103

Essential Reading: The 2018 Gartner Magic Quadrant for Content Services Platforms

OpenText Information Management

Each year, the highly respected analysts at Gartner publish their assessment of the content management sector—the Gartner Magic Quadrant for Content Services Platforms. It’s highly recommended reading for everyone involved in the ECM/Content Services space.

3 reasons cyber security training is essential

IT Governance

Organisations are always looking for ways to improve their cyber security defences, but they often overlook the value of enrolling their employees on cyber security training courses. Here are three reasons to consider it: Reduce the risk of data breaches.

IBM to Buy Red Hat for $34 Billion

Data Breach Today

Big Blue Moves to Acquire Enterprise Provider of Linux Open Source Software IBM plans to acquire enterprise Linux open source software provider Red Hat in a "hybrid cloud" deal valued at $33 billion that IBM CEO Ginni Rometty promises will be a "game changer."

Cloud 190

FIFA was hacked again, this is the second hack in a year

Security Affairs

According to the New York Times, FIFA has suffered the second hack in a year, new documents are set to be published on Friday by Football Leaks. The Fédération Internationale de Football Association, aka FIFA, is a governing body of association football, futsal, and beach soccer.

Chinese Government Agents Charged with Hacking, IP Theft

Adam Levin

The U.S. Justice Department announced charges against ten Chinese intelligence agents for hacking into computer systems belonging to U.S. and international companies to steal aerospace technology and data.

Money 20/20 USA, Part II: Revolution or Evolution?

Thales Data Security

In part one of my Money 20/20 2018 blog, I touched on digital identity solutions and blockchain. Below, I expand on open banking, secure remote commerce, and share my overall take on what the conference indicates for the industry at large. Open banking: the glass is half full for a select few.

Business Email Compromise: Must-Have Defenses

Data Breach Today

David Stubley of 7 Elements Shares BEC Incident Response Lessons Learned Want to better block business email compromise - CEO fraud - attacks outright, as well as be able to spot and respond more quickly to any BEC attacks that get through.

178

Cyber mercenaries and insiders hired by Chinese intelligence to hack aerospace and tech firms

Security Affairs

According to the U.S. Department of Justice, the Chinese intelligence officers recruited hackers and insiders to hack aerospace and tech firms.

GDPR compliance: why you should consider BS 10012 certification

IT Governance

The EU GDPR (General Data Protection Regulation) hasn’t been around for long but we’re already seeing a huge increase in reported data breaches to the ICO (Information Commissioner’s Office). In the past two years, the number of reported data breaches has risen by 75%.