Sat.Dec 08, 2018 - Fri.Dec 14, 2018

Scanning for Flaws, Scoring for Security

Krebs on Security

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices?

Expert devised a new WiFi hack that works on WPA/WPA2

Security Affairs

The popular expert Jens ‘Atom’ Steube devised a new WiFi hack that allows cracking WiFi passwords of most modern routers.

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Data Breach Today

Privacy Watchdog Counts 41 Daily Breach Reports Since GDPR Enforcement Began The U.K.'s s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the publi

GUEST ESSAY: ‘Tis the season — to take proactive measures to improve data governance

The Last Watchdog

The holiday season is upon us and the bright lights and greenery aren’t the only indicators that we’ve reached December. Sadly, data breaches often occur at this time of year. Recently we’ve seen major news stories about breaches at Starwood Hotels and Quora. Related podcast: The need to lock down unstructured data. Last year, at this time, it was announced that there was a significant privacy leak at eBay affecting many customers.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

How Internet Savvy are Your Leaders?

Krebs on Security

Back in April 2015, I tweeted about receiving a letter via snail mail suggesting the search engine rankings for a domain registered in my name would suffer if I didn’t pay a bill for some kind of dubious-looking service I’d never heard of.

More Trending

Equifax Breach 'Entirely Preventable,' House Report Finds

Data Breach Today

Democrats Slam Republican Report for Not Advancing New Breach-Prevention Laws The massive data breach suffered by Equifax in 2017 "was entirely preventable," according to a report released by the House Oversight Committee's Republican majority.

GUEST ESSAY: Why corporate culture plays such a pivotal role in deterring data breaches

The Last Watchdog

Picture two castles. The first is impeccably built – state of the art, with impenetrable walls, a deep moat, and so many defenses that attacking it is akin to suicide. The second one isn’t quite as well-made. The walls are reasonably strong, but there are clear structural weaknesses. And while it does have a moat, that moat is easily forded. Related podcast: The case for ‘zero-trust’ security. Obviously, on paper the castle with better defenses is the one that survives a siege.

Patch Tuesday, December 2018 Edition

Krebs on Security

Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft’s December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications.

How long do you have to report a data breach?

IT Governance

This blog has been updated to reflect industry updates. Originally published 24 October 2018. The first 72 hours after you become aware of a data breach are critical.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Fresh Google+ Bug Exposed 52.2 Million Users' Data

Data Breach Today

Google Advances Date for Mothballing Google+ Social Network for Consumers Google says a buggy API update it pushed last month for its soon-to-be-mothballed Google+ social network exposed personal information for 52.2 million users.

Data 224

NetSecOPEN names founding members, appoints inaugural board of directors

The Last Watchdog

SAN JOSE, Calif. – 11, 2018 – NetSecOPEN , the first industry organization focused on the creation of open, transparent network security performance testing standards, today announced that 11 prominent security vendors, test solutions and services vendors, and testing laboratories have joined the organization as founding members. Related podcast: The importance of sharing alliances.

Spammed Bomb Threat Hoax Demands Bitcoin

Krebs on Security

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day. Sources at multiple U.S. based financial institutions reported receiving the threats, which included the subject line, “I advise you not to call the police.” ” The email reads: My man carried a bomb (Hexogen) into the building where your company is located.

Operation Sharpshooter targets critical infrastructure and global defense

Security Affairs

McAfee uncovered a campaign tracked as Operation Sharpshooter that hit at least 87 organizations in global defense and critical infrastructure. Security experts at McAfee uncovered a hacking campaign, tracked as Operation Sharpshooter, aimed at infrastructure companies worldwide.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Credit Card System Hack Led to HIPAA Breach Report

Data Breach Today

Baylor Scott & White Medical Center - Frisco Notifying Those Affected The hacking of a credit card processing system has prompted a Texas hospital to notify federal regulators and affected individuals of a breach as required by the HIPAA Breach Notification Rule

221
221

Google finds bug in Google+ – 52.5 million users affected

IT Governance

Google has announced yet another data breach affecting its Google+ social network.

New Australian Backdoor Law

Schneier on Security

Last week, Australia passed a law [link] the government the ability to demand backdoors in computers and communications systems. Details are still to be defined , but it's really bad. Note: Many people e-mailed me to ask why I haven't blogged this yet. One, I was busy with other things.

New threat actor SandCat exploited recently patched CVE-2018-8611 0day

Security Affairs

Experts from Kaspersky Lab reported that that the recently patched Windows kernel zero-day vulnerability ( CVE-2018-8611 ) has been exploited by several threat actors.

Super Micro: Audit Didn't Find Chinese Spying Chip

Data Breach Today

Firm Says Audit 'Lays to Rest the Unwarranted Accusations' Super Micro says a third-party audit of recent and older motherboards has not turned up evidence of a spying chip as alleged in an explosive report two months ago by Bloomberg BusinessWeek.

Your DPO questions answered

IT Governance

Organisations have had to get a lot more serious about data processing and information security since the EU GDPR (General Data Protection Regulation) came into effect earlier this year.

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

Novidade, a new Exploit Kit is targeting SOHO Routers

Security Affairs

Security experts at Trend Micro have discovered a new exploit kit, dubbed Novidade (“novelty” in Portuguese), that is targeting SOHO routers to compromise the devices connected to the network equipment.

Trends 104

Weak Encryption Leaves Mobile Health App at Risk for Hacking

Data Breach Today

How the ICO measures GDPR compliance

IT Governance

Whenever someone mentions the GDPR (General Data Protection Regulation) , one of the first things they discuss is the potential for huge fines that it brings. But there’s no universal system for monitoringcompliance and handing out fines.

GDPR 84

Marriott Hack Reported as Chinese State-Sponsored

Schneier on Security

The New York Times and Reuters are reporting that China was behind the recent hack of Mariott Hotels. Note that this is still uncomfirmed, but interesting if it is true.

Tools 86

Seedworm APT Group targeted more than 130 victims in 30 organizations since Sept

Security Affairs

‘ The Seedworm APT Group has targeted more than 130 victims in 30 organizations since September including NGOs, oil and gas, and telecom businesses.

Groups 104

How to Maximize Data Used to Fight Fraud

Data Breach Today

Splunk's Jim Apger on Streamlining Omni-Channel Defenses The data being used to drive effective anti-fraud efforts can be rich in context and useful for other activities. Jim Apger of Splunk describes emerging fraud schemes and solutions, highlighting the role of machine learning

How To 202

Do schools need to appoint a data protection officer?

IT Governance

Finding a qualified DPO is arguably one of the GDPR’s hardest requirements, but is it something that schools need to be concerned about? The EU GDPR (General Data Protection Regulation) contains particularly strong requirements for protecting children’s data.

5 Reasons Why Information Governance and Cybersecurity Go Hand in Hand

InfoGoTo

It’s a logical partnership. Those who know and manage the data working closely with those who strive to protect it – information governance and IT functioning in tandem.

WordPress botnet composed of +20k installs targets other sites

Security Affairs

Experts from security firm Wordfence discovered a Botnet of 20,000 WordPress Sites Infecting other WordPress installs.

CMS 103

HIPAA Case: Hospital Fined for Ex-Employee's Access to PHI

Data Breach Today

Enforcement Action is the Third in Recent Weeks, Eighth This Year In its third enforcement action in recent weeks, federal regulators have hit a Colorado medical center with a HIPAA fine in a case involving failure to terminate a former employee's remote access to patient data.

Access 196

2018 Annual Report from AI Now

Schneier on Security

The research group AI Now just published its annual report. It's an excellent summary of today's AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading. artificialintelligence reports securityengineering