Sat.Feb 09, 2019 - Fri.Feb 15, 2019

Blockchain and Trust

Schneier on Security

In his 2008 white paper that first proposed bitcoin , the anonymous Satoshi Nakamoto concluded with: "We have proposed a system for electronic transactions without relying on trust." He was referring to blockchain , the system behind bitcoin cryptocurrency.

Malicious PDF Analysis

Security Affairs

In the last few days I have done some analysis on malicious documents, especially PDF. Then I thought, “Why not turn a PDF analysis into an article?”

How to Create a Dream Team for the New Age of Cybersecurity

Dark Reading

When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them

Japan's Credit Card Fraud Debacle

Data Breach Today

Fraudsters Received 20 Percent Cashback for Fraudulent Purchases A convergence of events in December in Japan led to an unprecedented spike in card-not-present fraud. New statistics from a dark web monitoring firm explains how a promotion by PayPay, a third-party payments service, slid sideways

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Krebs on Security

Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States.

More Trending

MY TAKE: What it takes to beat cybercrime in the age of DX and IoT: personal responsibility

The Last Watchdog

Back in 2004, when I co-wrote this USA TODAY cover story about spam -spreading botnets, I recall advising my editor to expect cybersecurity to be a headline-grabbing topic for a year or two more, tops. Related: A primer on machine-identity exposures. I was wrong. Each year over the past decade-and-a-half, a cause-and-effect pattern has spread more pervasively into the fabric of modern society.

IoT 109

With Doctored Photos, Thieves Try to Steal Bitcoin

Data Breach Today

Deep Fakes' May Eventually Complicate Identity Verification Cryptocurrency exchanges are seeing fraudsters submit doctored photos in an attempt to reset two-step verification on accounts.

244
244

Bomb Threat Hoaxer Exposed by Hacked Gaming Site

Krebs on Security

Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits.

620 million accounts stolen from 16 hacked websites available for sale on the dark web

Security Affairs

620 million accounts stolen from 16 hacked websites (Dubsmash, Armor Games, 500px, Whitepages, ShareThis) available for sale on the dark web. The Register revealed in exclusive that some 617 million online account details stolen from 16 hacked websites are available for sale on the dark web.

Sales 108

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

MY TAKE: Can Project Furnace solve DX dilemma by combining serverless computing and GitOps?

The Last Watchdog

Assuring the privacy and security of sensitive data, and then actually monetizing that data, — ethically and efficiently — has turned out to be the defining challenge of digital transformation. Today a very interesting effort to address this complex dilemma is arising from the ferment, out of the UK. It’s called Project Furnace , an all-new open source software development platform.

Report: Facebook Faces Multibillion Dollar US Privacy Fine

Data Breach Today

FTC and Social Network Are Negotiating Record Penalty, Washington Post Reports The Federal Trade Commission is reportedly negotiating a settlement with Facebook that includes a multibillion dollar fine for its privacy failures.

Patch Tuesday, February 2019 Edition

Krebs on Security

Microsoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system.

Tips 174

Bank of Valletta shut down its operations after a cyber attack

Security Affairs

Bank of Valletta, the largest bank of Malta was hit by a cyber attack, attackers attempted to steal 13 million euros ($14.7 million).

IT 103

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

GUEST ESSAY: Australia’s move compelling VPNs to cooperate with law enforcement is all wrong

The Last Watchdog

The moment we’ve all feared has finally come to pass. When government agencies and international intelligence groups pooled together resources to gather user data, the VPN’s encryption seemed like the light at the end of the tunnel. Related: California enacts pioneering privacy law. However, it looks like things are starting to break apart now that Australia has passed the “Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018”.

Major Flaw in Runc Poses Mass Container Takeover Risk

Data Breach Today

Attackers Could 'Break Out' via Runc Flaw to Compromise All Containers on Host Red Hat, Amazon and Google have issued fixes for a serious container vulnerability.

Risk 230

The Race to the Bottom of Credential Stuffing Lists; Collections #2 Through #5 (and More)

Troy Hunt

A race to the bottom is a market condition in which there is a surplus of a commodity relative to the demand for it.

Ubuntu snapd flaw allows getting root access to the system.

Security Affairs

Expert discovered a privilege escalation vulnerability in default installations of Ubuntu Linux that resides in the snapd API.

Access 103

The Queen of the Skies and Innovation

Adam Shostack

The Seattle Times has a story today about how “ 50 years ago today, the first 747 took off and changed aviation.” ” It’s true. The 747 was a marvel of engineering and luxury. The book by Joe Sutter is a great story of engineering leadership.

No-Deal Brexit Threatens British Crime-Fighting

Data Breach Today

Police Say Data-Sharing Alternatives 'Will Not Be As Efficient Or Effective' British police say they're doing their best to cope with the possibility that the U.K. will crash out of the EU in 45 days and lose access to joint policing resources.

Tools 224

Artificial Intelligence: Start with the data and be digital first

OpenText Information Management

Many organizations around the world are looking to implement artificial intelligence (AI) into their day-to-day business practices. But if you’re new to AI, it can be difficult to know how to get started.

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

Symantec discovered eight potentially unwanted applications (PUAs) into the Microsoft Store that were dropping cryptojacking Coinhive miners.

Mining 103

Blockchain is Real, But Still Not for Everybody

Weissman's World

I have conversations every day with people who believe either (a) blockchain is just another overhyped new technology being foisted upon us by unscrupulous vendors, or (b) it’s the solution to all their problems. Neither of these, of course, is correct. As written and discussed before in this space (and plenty of ‘elsewheres,’ too), blockchain […]. The post Blockchain is Real, But Still Not for Everybody appeared first on Holly Group. Blockchain infogov records

US Air Force Veteran Charged in Iran Hacking Scheme

Data Breach Today

Monica Witt Allegedly Aided Spear-Phishing Attacks Against US Military A former U.S. Air Force counterintelligence agent was indicted for disclosing classified information and helping Iran compromise the computers of other U.S. intelligence agents.

Don’t Get Your Valentine an Internet-Connected Sex Toy

WIRED Threat Level

Mozilla expands its “Privacy Not Included” gift guide to the bedroom: It’s all sexy fun and games until someone hacks a WiFi-enabled butt plug. Security

New Linux coin miner kills competing malware to maximize profits

Security Affairs

Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner.

How to improve your cyber resilience

IT Governance

Cyber resilience isn’t something you can buy. It’s not as simple as finding off-the-shelf tools to plug into your organisation. Rather, you must tailor your approach to your needs, assessing the way any one solution affects the whole.

Roses are Red, Romance Scammers Make You Blue

Data Breach Today

Don't Fall for Fraudsters or You'll Be Poor and Brokenhearted Too This Valentine's Day, authorities are once again warning individuals to watch out for anyone perpetrating romance scams. The FTC says Americans lost $143 million to romance scams in 2017 while in the U.K.,

212
212

Cybersecurity Workers Scramble to Fix a Post-Shutdown Mess

WIRED Threat Level

The shutdown may have ended two weeks ago, but federal cybersecurity professionals will be coping with its impact for a long time to come. Security

A mysterious code prevents QNAP NAS devices to be updated

Security Affairs

Users of QNAP NAS devices are reporting through QNAP forum discussions of mysterious code that adds some entries that prevent software update.

Risk 103

Cyberinsurance and Acts of War

Schneier on Security

I had not heard about this case before. Zurich Insurance has refused to pay Mondelez International's claim of $100 million in damages from NotPetya. It claims it is an act of war and therefor not covered. Mondelez is suing.

Risk 81

US Intensifies Pressure on Allies to Avoid Huawei, ZTE

Data Breach Today

Secretary of State Pompeo Tours Europe to Discuss Countering China, Russia The Trump administration is leading a broadside against Chinese telecommunications giants Huawei and ZTE.

206
206