Sat. Apr 13, 2019 - Fri. Apr 19, 2019

MY TAKE: Most companies blissfully ignorant of rising attacks on most-used endpoint: mobile devices

The Last Watchdog

A dozen years after Apple launched the first iPhone, igniting the smartphone market, the Bring Your Own Device to work phenomenon is alive and well. The security issues posed by BYOD are as complex and difficult to address as ever. Meanwhile, the pressure for companies to proactively address mobile security is mounting from two quarters.

How to Track Your Kids (and Other People's Kids) With the TicTocTrack Watch

Troy Hunt

Do you ever hear those stories from your parents along the lines of "when I was young." and then there's a tale of how risky life was back then compared to today.

'Sea Turtle' DNS Hijacking Group Conducts Espionage: Report

Data Breach Today

Cisco Talos Researchers Describe Group's Methods

A nation-state sponsored espionage campaign dubbed "Sea Turtle" has been manipulating the domain name system to target more than 40 organizations, including intelligence agencies - especially in North Africa and the Middle East, Cisco Talos warns.

How Not to Acknowledge a Data Breach

Krebs on Security

I’m not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach.

A new DDoS technique abuses HTML5 Hyperlink Audit Ping in massive attacks

Security Affairs

Experts at Imperva discovered a new type of large-scale DDoS attack that abuses the HTML5 Ping-based hyperlink auditing feature. Imperva experts Vitaly Simonovich and Dima Bekerman observed a large-scale DDoS attack abusing the HTML5 Ping-based hyperlink auditing feature.

Australian Child-Tracking Smartwatch Vulnerable to Hackers

Data Breach Today

Report: Hacker Could Spoof Child's Location, View Personal Information

An Australian company that markets a smartwatch designed to let parents monitor their child has taken its service offline after researchers revealed hackers could listen in on and spy on a child's location.

Experts: Breach at IT Outsourcing Giant Wipro

Krebs on Security

Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [NYSE:WIT] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity.

Source code of tools used by OilRig APT leaked on Telegram

Security Affairs

Lab Dookhtegan hackers leaked details about operations carried out by Iran-linked OilRig group, including source code of 6 tools.

Q&A: How AI, digital transformation are shaking up revenue management in high tech, life sciences

The Last Watchdog

A recent poll of some 300 senior executives from U.S.-based life sciences and high-tech manufacturing companies sheds light on how digital transformation – and the rising role of third-party partners – have combined to create unprecedented operational challenges in the brave new world of digital commerce.

10 Highlights: Cryptographers' Panel at RSA Conference 2019

Data Breach Today

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

Attackers hacked support agent to access Microsoft Outlook email accounts

Security Affairs

Bad news for users of the Microsoft Outlook email service: hackers have compromised the Microsoft Support Agent to access their email accounts.

China Spying on Undersea Internet Cables

Schneier on Security

Supply chain security is an insurmountably hard problem. The recent focus is on Chinese 5G equipment, but the problem is much broader.

Data Breaches in Healthcare Affect More Than Patient Data

Data Breach Today

Blue Cross of Idaho and Palmetto Health Report Financial, Payroll Breaches

Two recent data breaches at organizations in the healthcare sector illustrate that systems beyond those directly related to patient care can be at risk

Wipro Intruders Targeted Other Major IT Firms

Krebs on Security

These hackers have breached FBI-affiliated websites and leaked data online

Security Affairs

Hackers publish personal data on thousands of US police officers and federal agents. Media outlet TechCrunch reported that a hacker group has breached several FBI-affiliated websites and leaked the stolen info online.

Vulnerabilities in the WPA3 Wi-Fi Security Protocol

Schneier on Security

Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories.

Researchers: Malware Can Be Hidden in Medical Images

Data Breach Today

But Does 'Flaw' in DICOM File Format Represent a Serious Risk?

A "flaw" in the file format of the DICOM standard for communication of medical imaging information could be exploited to hide malware in MRI and CT scans alongside patient data, according to a new research report.

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware

Krebs on Security

Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices.

Facebook admitted to have stored millions of Instagram users’ passwords in plaintext

Security Affairs

Other problems for Facebook, which admitted to having stored millions of Instagram users’ passwords in plaintext. Yesterday, Facebook made the headlines once again for alleged violations of the privacy of its users: the company admitted to having ‘unintentionally’ collected contacts from 1.5

NEW TECH: Brinqa takes a ‘graph database’ approach to vulnerability management, app security

The Last Watchdog

Imposing just the right touch of policies and procedures towards mitigating cyber risks is a core challenge facing any company caught up in digital transformation. Enterprises, especially, tend to be methodical and plodding. Digital transformation is all about high-velocity innovation and on-the-fly change. The yawning gap between the two is where fresh attack vectors are arising, creating a candy-store environment for threat actors.

Today's Forecast: Cloudy With a Chance of Malware

Data Breach Today

Program on The Weather Channel Knocked Off Air by Malware for 90 Minutes

For about 90 minutes Thursday morning, the broadcast of The Weather Channel's signature early show, "AMHQ," was shut down by what the company called "a malicious software attack

New DNS Hijacking Attacks

Schneier on Security

DNS hijacking isn't new, but this seems to be an attack of unprecedented scale: Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations.

Ransomware attack knocks Weather Channel off the Air

Security Affairs

A ransomware attack knocked the Weather Channel off the air for at least 90 minutes Thursday morning; federal law enforcement is investigating the incident.

A call to rethink the banking value chain

DXC Technology

Financial services is shifting to platforms for business functions and processes, and that’s a good thing. Moving from applications to Software as a Service (SaaS) and then to Platform as a Service (PaaS) can create new value chains.

Leak Exposes OilRig APT Group's Tools

Data Breach Today

Group, Apparently Backed By Iran, Was Broadening Its Targets, Analysts Say

A set of malicious tools, along with a list of potential targets and victims, belonging to an APT group dubbed OilRig has leaked online, exposing some of the organization's methods and goals, analysts say

Iranian Cyberespionage Tools Leaked Online

Schneier on Security

The source code of a set of Iranian cyberespionage tools was leaked online.

Ecuador suffered 40 Million Cyber attacks after the Julian Assange arrest

Security Affairs

Ecuador suffered 40 million cyber attacks on websites of public institutions since the arrest of WikiLeaks founder Julian Assange. Last week, WikiLeaks founder Julian Assange was arrested at the Ecuadorian Embassy in London after Ecuador withdrew asylum after seven years.

The Mueller Report Is Much Worse For Trump Than Barr Let On

WIRED Threat Level

The Mueller report clearly shows that Donald Trump attempted to obstruct justice, regardless of what the attorney general says.

Microsoft: Email Content Exposed in Customer Support Hack

Data Breach Today

Upgraded Warning Begs Questions About Compromise

Microsoft says intruders targeting its email services had access to email content for a single-digit percentage of the overall affected accounts, a more serious conclusion than first thought.

Data on Tap for all Your Data Woes

Reltio

Ramya Krishnan, Reltio

Meeting an old friend is always a pleasure. A cozy coffee shop, peaceful mid-morning, and genuine casual talk. Though Janine didn’t seem all that relaxed, and when asked, she mentioned that at her workplace data processing seems to go on and on.