Sat.Dec 08, 2018 - Fri.Dec 14, 2018

Scanning for Flaws, Scoring for Security

Krebs on Security

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices?

Expert devised a new WiFi hack that works on WPA/WPA2

Security Affairs

The popular expert Jens ‘Atom’ Steube devised a new WiFi hack that allows cracking WiFi passwords of most modern routers.

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Data Breach Today

Privacy Watchdog Counts 41 Daily Breach Reports Since GDPR Enforcement Began The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the publi

New Australian Backdoor Law

Schneier on Security

Last week, Australia passed a law giving the government the ability to demand backdoors in computers and communications systems. Details are still to be defined, but it's really bad. Note: Many people e-mailed me to ask why I haven't blogged this yet. One, I was busy with other things.

How Internet Savvy are Your Leaders?

Krebs on Security

Back in April 2015, I tweeted about receiving a letter via snail mail suggesting the search engine rankings for a domain registered in my name would suffer if I didn’t pay a bill for some kind of dubious-looking service I’d never heard of.

Hackers defaced Linux.org with DNS hijack

Security Affairs

The Linux.org website was defaced last week via a DNS hijack: attackers broke into the associated registrar account and changed the DNS settings.

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

Patch Tuesday, December 2018 Edition

Krebs on Security

Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft’s December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications.

Operation Sharpshooter targets critical infrastructure and global defense

Security Affairs

McAfee uncovered a campaign tracked as Operation Sharpshooter that hit at least 87 organizations in global defense and critical infrastructure. Security experts at McAfee uncovered a hacking campaign, tracked as Operation Sharpshooter, aimed at infrastructure companies worldwide.

Fresh Google+ Bug Exposed 52.2 Million Users' Data

Data Breach Today

Google Advances Date for Mothballing Google+ Social Network for Consumers Google says a buggy API update it pushed last month for its soon-to-be-mothballed Google+ social network exposed personal information for 52.2 million users.

How long do you have to report a data breach?

IT Governance

This blog has been updated to reflect industry updates. Originally published 24 October 2018. The first 72 hours after you become aware of a data breach are critical.

Spammed Bomb Threat Hoax Demands Bitcoin

Krebs on Security

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day. Sources at multiple U.S. based financial institutions reported receiving the threats, which included the subject line, “I advise you not to call the police.” The email reads: My man carried a bomb (Hexogen) into the building where your company is located.

New threat actor SandCat exploited recently patched CVE-2018-8611 0day

Security Affairs

Experts from Kaspersky Lab reported that the recently patched Windows kernel zero-day vulnerability (CVE-2018-8611) has been exploited by several threat actors.

Super Micro: Audit Didn't Find Chinese Spying Chip

Data Breach Today

Firm Says Audit 'Lays to Rest the Unwarranted Accusations' Super Micro says a third-party audit of recent and older motherboards has not turned up evidence of a spying chip as alleged in an explosive report two months ago by Bloomberg BusinessWeek.

Marriott Hack Reported as Chinese State-Sponsored

Schneier on Security

The New York Times and Reuters are reporting that China was behind the recent hack of Marriott Hotels. Note that this is still unconfirmed, but interesting if it is true.

Google finds bug in Google+ – 52.5 million users affected

IT Governance

Google has announced yet another data breach affecting its Google+ social network.

Novidade, a new Exploit Kit is targeting SOHO Routers

Security Affairs

Security experts at Trend Micro have discovered a new exploit kit, dubbed Novidade (“novelty” in Portuguese), that is targeting SOHO routers to compromise the devices connected to the network equipment.

Weak Encryption Leaves Mobile Health App at Risk for Hacking

Data Breach Today

2018 Annual Report from AI Now

Schneier on Security

The research group AI Now just published its annual report. It's an excellent summary of today's AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading.

An open letter to our customers and partners

Thales eSecurity

As you will no doubt have heard by now, Thales and Gemalto announced last December that they had reached an agreement under which Thales will acquire Gemalto by way of an all-cash offer, upon receipt of all regulatory clearances.

Seedworm APT Group targeted more than 130 victims in 30 organizations since Sept

Security Affairs

The Seedworm APT Group has targeted more than 130 victims in 30 organizations since September, including NGOs, oil and gas, and telecom businesses.

Credit Card System Hack Led to HIPAA Breach Report

Data Breach Today

Baylor Scott & White Medical Center - Frisco Notifying Those Affected The hacking of a credit card processing system has prompted a Texas hospital to notify federal regulators and affected individuals of a breach, as required by the HIPAA Breach Notification Rule.

Top 10 Data Governance Predictions for 2019

erwin

This past year witnessed a data governance awakening – or as the Wall Street Journal called it, a “global data governance reckoning.” There was tremendous data drama and resulting trauma – from Facebook to Equifax and from Yahoo to Marriott. The list goes on and on.

GUEST ESSAY: ‘Tis the season — to take proactive measures to improve data governance

The Last Watchdog

The holiday season is upon us and the bright lights and greenery aren’t the only indicators that we’ve reached December. Sadly, data breaches often occur at this time of year. Recently we’ve seen major news stories about breaches at Starwood Hotels and Quora. Related podcast: The need to lock down unstructured data. Last year, at this time, it was announced that there was a significant privacy leak at eBay affecting many customers.

Cyber attack hit the Italian oil and gas services company Saipem

Security Affairs

Some of the servers of the Italian oil and gas services company Saipem were hit by a cyber attack early this week. Saipem has customers in more than 60 countries, including Saudi Arabian oil and gas giant Saudi Aramco. It could be considered a strategic target for a broad range of threat actors.

How to Maximize Data Used to Fight Fraud

Data Breach Today

Splunk's Jim Apger on Streamlining Omni-Channel Defenses The data being used to drive effective anti-fraud efforts can be rich in context and useful for other activities. Jim Apger of Splunk describes emerging fraud schemes and solutions, highlighting the role of machine learning.

Your DPO questions answered

IT Governance

Organisations have had to get a lot more serious about data processing and information security since the EU GDPR (General Data Protection Regulation) came into effect earlier this year.

NetSecOPEN names founding members, appoints inaugural board of directors

The Last Watchdog

SAN JOSE, Calif. – 11, 2018 – NetSecOPEN, the first industry organization focused on the creation of open, transparent network security performance testing standards, today announced that 11 prominent security vendors, test solutions and services vendors, and testing laboratories have joined the organization as founding members. Related podcast: The importance of sharing alliances.

WordPress botnet composed of +20k installs targets other sites

Security Affairs

Experts from security firm Wordfence discovered a botnet of 20,000 WordPress sites infecting other WordPress installs.

HIPAA Case: Hospital Fined for Ex-Employee's Access to PHI

Data Breach Today

Enforcement Action is the Third in Recent Weeks, Eighth This Year In its third enforcement action in recent weeks, federal regulators have hit a Colorado medical center with a HIPAA fine in a case involving failure to terminate a former employee's remote access to patient data.

Do schools need to appoint a data protection officer?

IT Governance

Finding a qualified DPO is arguably one of the GDPR’s hardest requirements, but is it something that schools need to be concerned about? The EU GDPR (General Data Protection Regulation) contains particularly strong requirements for protecting children’s data.

GUEST ESSAY: Why corporate culture plays such a pivotal role in deterring data breaches

The Last Watchdog

Picture two castles. The first is impeccably built – state of the art, with impenetrable walls, a deep moat, and so many defenses that attacking it is akin to suicide. The second one isn’t quite as well-made. The walls are reasonably strong, but there are clear structural weaknesses. And while it does have a moat, that moat is easily forded. Related podcast: The case for ‘zero-trust’ security. Obviously, on paper the castle with better defenses is the one that survives a siege.

ID Numbers for 120 Million Brazilian taxpayers exposed online

Security Affairs

InfoArmor discovered a misconfigured server online that contained taxpayer identification numbers for 120 million Brazilian taxpayers.

Reports: China Suspected In Marriott Database Breach

Data Breach Today

But Experts Caution Forensic Evidence is Lacking Hackers linked with China are suspected to be behind the four-year breach of Marriott's Starwood guest reservation system, Reuters reported on Wednesday. The suggestion is likely to contribute to increased tension between the U.S. and China.