Sat.Mar 16, 2019 - Fri.Mar 22, 2019

MY TAKE: Get ready to future-proof cybersecurity; the race is on to deliver ‘post-quantum crypto’

The Last Watchdog

Years-to-quantum. We’re 10 to 15 years from the arrival of quantum computers capable of solving complex problems far beyond the capacity of classical computers to solve. Post-quantum-cryptography. Right now, the race is on to revamp classical encryption in preparation for the coming of quantum computers. Our smart homes, smart workplaces and smart transportation systems must be able to withstand the threat of quantum computers.

Why Phone Numbers Stink As Identity Proof

Krebs on Security

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities.

Report: Facebook Stored Millions of Passwords in Plaintext

Data Breach Today

Facebook Under Fresh Scrutiny Over How It Stored User Passwords. Facebook has corrected an internal security issue that allowed the company to store millions of user passwords in plaintext that were then available to employees through an internal search tool.

Experts found a critical vulnerability in the NSA Ghidra tool

Security Affairs

A security expert has discovered a vulnerability in the NSA Ghidra platform that could be exploited to execute code remotely.

GUEST ESSAY: Why there’s no such thing as anonymity in this digital age

The Last Watchdog

Unless you decide to go Henry David Thoreau and shun civilization altogether, you can’t — and won’t — stop generating data, which sooner or later can be traced back to you. Related: The Facebook factor. A few weeks back I interviewed a white hat hacker. After the interview, I told him that his examples gave me paranoia. He laughed and responded, “There’s no such thing as anonymous data; it all depends on how determined the other party is.”

Hydro Hit by LockerGoga Ransomware via Active Directory

Data Breach Today

Targeted Crypto-Locking Malware Attack Follows French Firm Being Hit. Aluminum giant Norsk Hydro has been hit by LockerGoga ransomware, which was apparently distributed to endpoints by hackers using the company's own Active Directory services against it.

Massive attacks bypass MFA on Office 365 and G Suite accounts via IMAP Protocol

Security Affairs

Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA).

Web application exposures continue to bedevil companies as digital transformation accelerates

The Last Watchdog

As sure as the sun will rise in the morning, hackers will poke and prod at the web applications companies rely on – and find fresh weaknesses they can exploit. Related: Cyber spies feast on government shut down. Companies are scaling up their use of web apps as they strive to integrate digital technology into every aspect of daily business operation. As this ‘digital transformation’ of commerce accelerates, the attack surface available to threat actors likewise is expanding.

First Look Media Shutting Down Access to Snowden NSA Archives

Schneier on Security

The Daily Beast is reporting that First Look Media -- home of The Intercept and Glenn Greenwald -- is shutting down access to the Snowden archives. The Intercept was the home for Greenwald's subset of Snowden's NSA documents since 2014, after he parted ways with the Guardian the year before.

GDPR: Data Breach Notification 101

Data Breach Today

Brian Honan of BH Consulting on When to Notify - or Not. Since the EU's new GDPR privacy law came into effect in May 2018, one challenge for organizations that suffer a breach is knowing whether or not they must report it to authorities, says Brian Honan, president and CEO of BH Consulting in Dublin.

SimBad malware infected million Android users through Play Store

Security Affairs

Researchers at Check Point have uncovered a sophisticated malware campaign spreading the SimBad agent through the official Google Play Store.

NEW TECH: Exabeam retools SIEMs; applies credit card fraud detection tactics to network logs

The Last Watchdog

Security information and event management, or SIEM, could yet turn out to be the cornerstone technology for securing enterprise networks as digital transformation unfolds. Related: How NSA cyber weapon could be used for a $200 billion ransomware caper. Exabeam is a bold upstart in the SIEM space. The path this San Mateo, CA-based vendor is trodding tells us a lot about the unfolding renaissance of SIEMs – and where it could take digital commerce.

Zipcar Disruption

Schneier on Security

This isn't a security story, but it easily could have been. Last Saturday, Zipcar had a system outage: "an outage experienced by a third party telecommunications vendor disrupted connections between the company's vehicles and its reservation software."

Steele Dossier Case: Expert Traces Spear-Phishing of DNC

Data Breach Today

XBT/Webzilla Hosting Infrastructure Used for Nation-State Hacking, Expert Finds. Web hosting firm XBT/Webzilla's infrastructure was used to attack the U.S.

Google white hat hacker found new bug class in Windows

Security Affairs

James Forshaw, a white hat hacker at Google Project Zero, has discovered a new class of bugs that affect Windows and some of its drivers.

BEST PRACTICES: 6 physical security measures every company needs

The Last Watchdog

It has never been more important to invest in proper security for your business. Laws surrounding the personal data of individuals such as the General Data Protection Regulation (GDPR) put the onus on companies to ensure that both digital and physical copies of data are secure at all times. Related: Shrinking to human attack vector.

A guide to the GDPR’s EU representative requirements

IT Governance

You might have heard increased chatter recently about the need for an EU representative under the GDPR (General Data Protection Regulation). This rule applies to any organisation outside the EU that monitors the behaviour of, or provides goods or services to, EU residents.


The CISO's Role in AppSec

Data Breach Today

Craig Goodwin of CDK Global on Adding Security to Development. As CSO of CDK Global LLC, Craig Goodwin has been part of the rollout of a new API platform that he believes will revolutionize automotive purchasing. Goodwin offers his perspective on security's role in application DevOps.

Pwn2Own 2019 Day 1 – participants hacked Apple, Oracle, VMware products

Security Affairs

The Pwn2Own 2019 hacking competition has started, and participants hacked the Apple Safari browser, Oracle VirtualBox and VMware Workstation on the first day.

BEST PRACTICES: How to protect yourself from the enduring scourge of malvertising

The Last Watchdog

Malvertising is rearing its ugly head – yet again. Malicious online ads have surged and retreated in cycles since the earliest days of the Internet. Remember when infectious banner ads and viral toolbars cluttered early browsers? Related: Web application exposures redouble. Historically, with each iteration of malicious ads, the online advertising industry, led by Google, has fought back, and kept this scourge at a publicly acceptable level.

Facebook Stored Millions of Passwords in Plaintext—Change Yours Now

WIRED Threat Level

Facebook has disclosed that it stored hundreds of millions of user passwords in plaintext, where employees could search them.

EU Seeks Better Coordination to Battle Next Big Cyberattack

Data Breach Today

Life After WannaCry and NotPetya: Europol Wants EU Member States To Be Ready. Life after WannaCry and NotPetya: Europol, the EU's law enforcement intelligence agency, wants member states to be able to rapidly respond to the next big cyberattack against Europe.


Medtronic’s implantable heart defibrillators vulnerable to hack

Security Affairs

The U.S. Department of Homeland Security Thursday issued a security advisory for multiple vulnerabilities affecting over a dozen heart defibrillators.

Bridging the gap between AWS Lambda and other clouds: TriggerMesh

DXC Technology

If you want to do serverless computing today, chances are you’re using Amazon Web Services (AWS) Lambda. Which is fine if you’re wedded to AWS, but if you’d rather use another cloud or run a hybrid cloud, AWS-specific Lambda may not be ideal. Enter TriggerMesh Knative Lambda Sources (KLASS), which offers a way to bridge […].

The Mueller Report Is Done. Now Comes the Hard Part

WIRED Threat Level

Special counsel Robert Mueller finished his investigation into the 2016 presidential election Friday.

Aluminum Giant Norsk Hydro Hit by Ransomware

Data Breach Today

Crypto-Locking Malware Attack Results in 'Temporary Stoppage at Several Plants'. Norsk Hydro, one of the world's largest aluminum producers, has been hit by a crypto-locking ransomware attack that began at one of its U.S. plants and has disrupted some global operations.

South Korea – 1,600 guests at 30 motels secretly live streamed

Security Affairs

Four people from South Korea are accused of secretly live streaming, and selling videos made with, spy cams installed in 42 motel rooms at 30 motels in 10 cities in South Korea.

What you need to know about the DPA 2018 and the GDPR

IT Governance

The data protection landscape was dramatically reshaped with the introduction of the EU GDPR (General Data Protection Regulation) on 25 May 2018, but it wasn’t the only law that took effect that day.


An Argument that Cybersecurity Is Basically Okay

Schneier on Security

Andrew Odlyzko's new essay is worth reading -- "Cybersecurity is not very important": Abstract: There is a rising tide of security breaches. There is an even faster rising tide of hysteria over the ostensible reason for these breaches, namely the deficient state of our information infrastructure.

North Carolina County Suffers Repeat Ransomware Infections

Data Breach Today

Third Time is the Charm as Orange County Keeps Having to Recover? Attackers have hit North Carolina's Orange County with ransomware for the third time in six years. Government officials say IT teams have been working overtime to restore systems, and that no data has been lost.

Israeli Candidate for PM Benny Gantz hacked by Iranian cyberspies

Security Affairs

Israeli media reported this week that the Shin Bet internal security service warned Benny Gantz that Iranian cyber spies hacked his cellphone exposing his personal data.