Sat.Mar 16, 2019 - Fri.Mar 22, 2019

MY TAKE: Get ready to future-proof cybersecurity; the race is on to deliver ‘post-quantum crypto’

The Last Watchdog

Years-to-quantum. We’re 10 to 15 years from the arrival of quantum computers capable of solving complex problems far beyond the capacity of classical computers to solve. Post-quantum-cryptography. Right now, the race is on to revamp classical encryption in preparation for the coming of quantum computers. Our smart homes, smart workplaces and smart transportation systems must be able to withstand the threat of quantum computers.

Why Phone Numbers Stink As Identity Proof

Krebs on Security

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Report: Facebook Stored Millions of Passwords in Plaintext

Data Breach Today

Facebook Under Fresh Scrutiny Over How It Stored User Passwords Facebook has corrected an internal security issue that allowed the company to store millions of user passwords in plaintext that were then available to employees through an internal search tool

Experts found a critical vulnerability in the NSA Ghidra tool

Security Affairs

A security expert has discovered a vulnerability in the NSA Ghidra platform that could be exploited to execute code remotely.

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

GUEST ESSAY: Why there’s no such thing as anonymity it this digital age

The Last Watchdog

Unless you decide to go Henry David Thoreau and shun civilization altogether, you can’t — and won’t — stop generating data , which sooner or later can be traced back to you. Related: The Facebook factor. A few weeks back I interviewed a white hat hacker. After the interview, I told him that his examples gave me paranoia. He laughed and responded, “There’s no such thing as anonymous data; it all depends on how determined the other party is.”.

More Trending

Hydro Hit by LockerGoga Ransomware via Active Directory

Data Breach Today

Targeted Crypto-Locking Malware Attack Follows French Firm Being Hit Aluminum giant Norsk Hydro has been hit by LockerGoga ransomware, which was apparently distributed to endpoints by hackers using the company's own Active Directory services against it.

Massive attacks bypass MFA on Office 365 and G Suite accounts via IMAP Protocol

Security Affairs

Threat actors targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA).

Web application exposures continue do bedevil companies as digital transformation accelerates

The Last Watchdog

As sure as the sun will rise in the morning, hackers will poke and prod at the web applications companies rely on – and find fresh weaknesses they can exploit. Related: Cyber spies feast on government shut down. Companies are scaling up their use of web apps as they strive to integrate digital technology into every aspect of daily business operation. As this ‘digital transformation’ of commerce accelerates, the attack surface available to threat actors likewise is expanding.

First Look Media Shutting Down Access to Snowden NSA Archives

Schneier on Security

The Daily Beast is reporting that First Look Media -- home of The Intercept and Glenn Greenwald -- is shutting down access to the Snowden archives. The Intercept was the home for Greenwald's subset of Snowden's NSA documents since 2014, after he parted ways with the Guardian the year before.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

GDPR: Data Breach Notification 101

Data Breach Today

Brian Honan of BH Consulting on When to Notify - or Not Since the EU's new GDPR privacy law came into effect in May 2018, one challenge for organizations that suffer a breach is knowing whether or not they must report it to authorities, says Brian Honan, president and CEO of BH Consulting in Dublin

SimBad malware infected million Android users through Play Store

Security Affairs

Security experts at Check Point uncovered a sophisticated malware campaign spreading the SimBad malicious code through the official Google Play Store. Researchers at Check Point have uncovered a sophisticated malware campaign spreading the SimBad agent through the official Google Play Store.

NEW TECH: Exabeam retools SIEMs; applies credit card fraud detection tactics to network logs

The Last Watchdog

Security information and event management, or SIEM, could yet turn out to be the cornerstone technology for securing enterprise networks as digital transformation unfolds. Related: How NSA cyber weapon could be used for a $200 billion ransomware caper. Exabeam is a bold upstart in the SIEM space. The path this San Mateo, CA-based vendor is trodding tells us a lot about the unfolding renaissance of SIEMs – and where it could take digital commerce.

New IoT Security Bill: Third Time's the Charm?

Dark Reading

The latest bill to set security standards for connected devices sold to the US government has fewer requirements, instead leaving recommendations to the National Institute of Standards and Technology

IoT 110

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Steele Dossier Case: Expert Traces Spear-Phishing of DNC

Data Breach Today

XBT/Webzilla Hosting Infrastructure Used for Nation-State Hacking, Expert Finds Web hosting firm XBT/Webzilla's infrastructure was used to attack the U.S.

Medtronic’s implantable heart defibrillators vulnerable to hack

Security Affairs

The U.S. Department of Homeland Security Thursday issued a security advisory for multiple vulnerabilities affecting over a dozen heart defibrillators.

BEST PRACTICES: 6 physical security measures every company needs

The Last Watchdog

It has never been more important to invest in proper security for your business. Laws surrounding the personal data of individuals such as the General Data Protection Regulation (GDPR) put the onus on companies to ensure that both digital and physical copies of data are secure at all times. Related: Shrinking to human attack vector.

Access 109

An Argument that Cybersecurity Is Basically Okay

Schneier on Security

Andrew Odlyzko's new essay is worth reading -- " Cybersecurity is not very important ": Abstract: There is a rising tide of security breaches. There is an even faster rising tide of hysteria over the ostensible reason for these breaches, namely the deficient state of our information infrastructure.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

The CISO's Role in AppSec

Data Breach Today

Craig Goodwin of CDK Global on Adding Security to Development As CSO of CDK Global LLC, Craig Goodwin has been part of the rollout of a new API platform that he believes will revolutionize automotive purchasing. Goodwin offers his perspective on security's role in application DevOps

Google white hat hacker found new bug class in Windows

Security Affairs

James Forshaw, a white hat hacker at Google Project Zero, has discovered a new class of bugs that affect Windows and some of its drivers.

Access 113

A guide to the GDPR’s EU representative requirements

IT Governance

You might have heard increased chatter recently about the need for an EU representative under the GDPR (General Data Protection Regulation). This rule applies to any organisation outside the EU that monitors the behaviour of, or provides goods or services to, EU residents.

GDPR 106

Enigma, Typex, and Bombe Simulators

Schneier on Security

GCHQ has put simulators for the Enigma, Typex, and Bombe on the Internet. News article. cryptanalysis cryptography encryption gchq historyofcryptography

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Groups Ask FDA to Rethink Some Medical Device Cyber Proposals

Data Breach Today

Agency Receives Critique on Draft of Premarket Medical Device Cyber Guidance Update The FDA is generally on the right track in updating guidance for the cybersecurity of premarket medical devices.

EU adopts EU Law Enforcement Emergency Response Protocol for massive cyberattacks

Security Affairs

Europol announced the EU Law Enforcement Emergency Response Protocol new protocol for law enforcement agencies in the European Union and abroad to handle major cross-border cyberattacks.

BEST PRACTICES: How to protect yourself from the enduring scourge of malvertising

The Last Watchdog

Malvertising is rearing its ugly head – yet again. Malicious online ads have surged and retreated in cycles since the earliest days of the Internet. Remember when infectious banner ads and viral toolbars cluttered early browsers? Related: Web application exposures redouble. Historically, with each iteration of malicious ads, the online advertising industry, led by Google, has fought back, and kept this scourge at a publicly acceptable level.

Retail 104

Researchers Seek Out Ways to Search IPv6 Space

Dark Reading

Security researchers regularly search IPv4 address space looking for servers with ports exposing vulnerable software. With the massive number of IPv6 addresses, however, they have lost that ability. Can tricks and workarounds save the day

Aluminum Giant Norsk Hydro Hit by Ransomware

Data Breach Today

Crypto-Locking Malware Attack Results in 'Temporary Stoppage at Several Plants' Norsk Hydro, one of the world's largest aluminum producers, has been hit by a crypto-locking ransomware attack that began at one of its U.S. plans and has disrupted some global operations.