Sat.Mar 16, 2019 - Fri.Mar 22, 2019

MY TAKE: Get ready to future-proof cybersecurity; the race is on to deliver ‘post-quantum crypto’

The Last Watchdog

Years-to-quantum. We’re 10 to 15 years from the arrival of quantum computers capable of solving complex problems far beyond the capacity of classical computers to solve. Post-quantum-cryptography. Right now, the race is on to revamp classical encryption in preparation for the coming of quantum computers. Our smart homes, smart workplaces and smart transportation systems must be able to withstand the threat of quantum computers.

Why Phone Numbers Stink As Identity Proof

Krebs on Security

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities.

Tools 273

Report: Facebook Stored Millions of Passwords in Plaintext

Data Breach Today

Facebook Under Fresh Scrutiny Over How It Stored User Passwords Facebook has corrected an internal security issue that allowed the company to store millions of user passwords in plaintext that were then available to employees through an internal search tool

Experts found a critical vulnerability in the NSA Ghidra tool

Security Affairs

A security expert has discovered a vulnerability in the NSA Ghidra platform that could be exploited to execute code remotely.

Tools 114

GUEST ESSAY: Why there’s no such thing as anonymity it this digital age

The Last Watchdog

Unless you decide to go Henry David Thoreau and shun civilization altogether, you can’t — and won’t — stop generating data , which sooner or later can be traced back to you. Related: The Facebook factor. A few weeks back I interviewed a white hat hacker. After the interview, I told him that his examples gave me paranoia. He laughed and responded, “There’s no such thing as anonymous data; it all depends on how determined the other party is.”.

Utter Zuck-up: 600 million passwords exposed in Facebook data breach

IT Governance

Up to 600 million Facebook users have had their passwords leaked in an internal data breach. Security researcher Brian Krebs broke the news on 21 March 2019, explaining that the social network’s internal company servers contained passwords stored in plaintext.

More Trending

SimBad malware infected million Android users through Play Store

Security Affairs

Security experts at Check Point uncovered a sophisticated malware campaign spreading the SimBad malicious code through the official Google Play Store. Researchers at Check Point have uncovered a sophisticated malware campaign spreading the SimBad agent through the official Google Play Store.

Web application exposures continue do bedevil companies as digital transformation accelerates

The Last Watchdog

As sure as the sun will rise in the morning, hackers will poke and prod at the web applications companies rely on – and find fresh weaknesses they can exploit. Related: Cyber spies feast on government shut down. Companies are scaling up their use of web apps as they strive to integrate digital technology into every aspect of daily business operation. As this ‘digital transformation’ of commerce accelerates, the attack surface available to threat actors likewise is expanding.

First Look Media Shutting Down Access to Snowden NSA Archives

Schneier on Security

The Daily Beast is reporting that First Look Media -- home of The Intercept and Glenn Greenwald -- is shutting down access to the Snowden archives. The Intercept was the home for Greenwald's subset of Snowden's NSA documents since 2014, after he parted ways with the Guardian the year before.

Hydro Hit by LockerGoga Ransomware via Active Directory

Data Breach Today

Targeted Crypto-Locking Malware Attack Follows French Firm Being Hit Aluminum giant Norsk Hydro has been hit by LockerGoga ransomware, which was apparently distributed to endpoints by hackers using the company's own Active Directory services against it.

Massive attacks bypass MFA on Office 365 and G Suite accounts via IMAP Protocol

Security Affairs

Threat actors targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA).

NEW TECH: Exabeam retools SIEMs; applies credit card fraud detection tactics to network logs

The Last Watchdog

Security information and event management, or SIEM, could yet turn out to be the cornerstone technology for securing enterprise networks as digital transformation unfolds. Related: How NSA cyber weapon could be used for a $200 billion ransomware caper. Exabeam is a bold upstart in the SIEM space. The path this San Mateo, CA-based vendor is trodding tells us a lot about the unfolding renaissance of SIEMs – and where it could take digital commerce.

Facebook Stored Millions of Passwords in Plaintext—Change Yours Now

WIRED Threat Level

Facebook has disclosed that it stored hundreds of millions of user passwords in plaintext, where employees could search them. Security

North Carolina County Suffers Repeat Ransomware Infections

Data Breach Today

Third Time is the Charm as Orange County Keeps Having to Recover? Attackers have hit North Carolina's Orange County with ransomware for the third time in six years. Government officials say IT teams have been working overtime to restore systems, and that no data has been lost

Google white hat hacker found new bug class in Windows

Security Affairs

James Forshaw, a white hat hacker at Google Project Zero, has discovered a new class of bugs that affect Windows and some of its drivers.

Bridging the gap between AWS Lambda and other clouds: TriggerMesh

DXC Technology

If you want to do serverless computing today chances are you’re using Amazon Web Services (AWS) Lambda. Which is fine if you’re wedded to AWS, but if you’d rather use another cloud or run a hybrid cloud, AWS-specific Lambda may not be ideal. Enter TriggerMesh Knative Lambda Sources (KLASS), which offers a way to bridge […]. Cloud AWS lambda serverless TriggerMesh

Cloud 87

The Mueller Report Is Done. Now Comes the Hard Part

WIRED Threat Level

Special counsel Robert Mueller finished his investigation into the 2016 presidential election Friday. Security Security / Security News

The CISO's Role in AppSec

Data Breach Today

Craig Goodwin of CDK Global on Adding Security to Development As CSO of CDK Global LLC, Craig Goodwin has been part of the rollout of a new API platform that he believes will revolutionize automotive purchasing. Goodwin offers his perspective on security's role in application DevOps

Pwn2Own 2019 Day 1 – participants hacked Apple, Oracle, VMware products

Security Affairs

Pwn2Own 2019 hacking competition is started and participants hacked Apple Safari browser, Oracle VirtualBox and VMware Workstation on the first day.

Demo 106

Simplifying cybersecurity for the water sector – a reminder on World Water Day

Thales eSecurity

World Water Day is a UN initiative celebrated every March 22. It honors water and focuses on those deprived of it. The occasion is a persuasive aide-memoire to the human world to deal with the global water crisis.

A guide to the GDPR’s EU representative requirements

IT Governance

You might have heard increased chatter recently about the need for an EU representative under the GDPR (General Data Protection Regulation). This rule applies to any organisation outside the EU that monitors the behaviour of, or provides goods or services to, EU residents.

GDPR 85

EU Seeks Better Coordination to Battle Next Big Cyberattack

Data Breach Today

Life After WannaCry and NotPetya: Europol Wants EU Member States To Be Ready Life after WannaCry and NotPetya: Europol, the EU's law enforcement intelligence agency, wants member states to be able to rapidly respond to the next big cyberattack against Europe.

226
226

South Korea – 1,600 guests at 30 motels secretly live streamed

Security Affairs

Four people from South Korea are accused of secretly live streaming, and selling videos made with spy-cam installed in 42 motel rooms at 30 motels in 10 cities in South Korea.

Video 104

FEMA Leaked Data From 2.3 Million Disaster Survivors

WIRED Threat Level

The Homeland Security Department inspector general released a damning report about FEMA's inability to safeguard the personal info of the people it helped. Security / Cyberattacks and Hacks Security

IT 84

Crafting the Perfect Pipeline in GitLab

Thales eSecurity

When using a traditional single-server continuous integration (CI), fast, incremental builds are simple. Each time the CI builds your pipeline, it’s able to use the same workspace, preserving the state from the previous build. But what if you are using Kubernetes runners to execute your pipelines?

Aluminum Giant Norsk Hydro Hit by Ransomware

Data Breach Today

Crypto-Locking Malware Attack Results in 'Temporary Stoppage at Several Plants' Norsk Hydro, one of the world's largest aluminum producers, has been hit by a crypto-locking ransomware attack that began at one of its U.S. plans and has disrupted some global operations.

Medtronic’s implantable heart defibrillators vulnerable to hack

Security Affairs

The U.S. Department of Homeland Security Thursday issued a security advisory for multiple vulnerabilities affecting over a dozen heart defibrillators.

The Artificial Intelligence Yin Needs a Business Yang

AIIM

Seven (yes, seven!) years ago, AIIM published “The Big Data Balancing Act - Too much yin and not enough yang?” The author of the report was none other than Nuxeo’s David Jones, who worked as a business analyst for AIIM at the time.

Elasticsearch Server Exposes Trove of Patient Data

Adam Levin

A health company’s unprotected server exposed over six million health records in the last 12 months. Meditlab, an electronic medical record company, left a server for electronic faxes completely unprotected since bringing it online in March 2018.

Steele Dossier Case: Expert Traces Spear-Phishing of DNC

Data Breach Today

XBT/Webzilla Hosting Infrastructure Used for Nation-State Hacking, Expert Finds Web hosting firm XBT/Webzilla's infrastructure was used to attack the U.S.

[SI-LAB] LockerGoga is the most active ransomware that focuses on targeting companies

Security Affairs

LockerGoga is the most active ransomware, experts warns it focuses on targeting companies and bypass AV signature-based detection. LockerGoga ransomware is a crypto-malware that loads the malicious file on the system from an infected email attachment.

What you need to know about the DPA 2018 and the GDPR

IT Governance

The data protection landscape was dramatically reshaped with the introduction of the EU GDPR (General Data Protection Regulation) on 25 May 2018, but it wasn’t the only law that took effect that day.

GDPR 80

#ModernDataMasters: Mike Evans, Chief Technology Officer

Reltio

Kate Tickner, Reltio. Mike Evans is CTO and Founder at Comma Group and has spent more than a decade in the business analysis, MDM and data management space. What is your background and what was your route into data management? I never consciously chose to work in data.

MDM 82

Groups Ask FDA to Rethink Some Medical Device Cyber Proposals

Data Breach Today

Agency Receives Critique on Draft of Premarket Medical Device Cyber Guidance Update The FDA is generally on the right track in updating guidance for the cybersecurity of premarket medical devices.

Groups 224