Sat.Nov 24, 2018 - Fri.Nov 30, 2018

Half of all Phishing Sites Now Have the Padlock

Krebs on Security

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice.

Propaganda and the Weakening of Trust in Government

Schneier on Security

On November 4, 2016, the hacker "Guccifer 2.0," a front for Russia's military intelligence service, claimed in a blogpost that the Democrats were likely to use vulnerabilities to hack the presidential elections.

When Do You Need to Report a Data Breach?

Security Affairs

The way in which you respond to a data breach has a significant impact on how severe its consequences are. Reporting an event is one action that can help. The number of data breaches that were tracked in the U.S. in 2017 totaled 1,579, a nearly 44.7 percent increase from the previous year.

Two Iranians Charged in SamSam Ransomware Attacks

Data Breach Today

US Prosecutors Allege Pair Targeted More Than 200 Victims, Including Cities, Hospitals. A federal grand jury has indicted two Iranians for allegedly waging SamSam ransomware attacks on more than 200 entities, including Atlanta and other municipalities and six healthcare organizations.

Marriott: Data on 500 Million Guests Stolen in 4-Year Breach

Krebs on Security

Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years.

When It Comes to PII, Santa’s Got Nothing Over Amazon

Weissman's World

Amazon this week announced new software that, as described by The Wall Street Journal, “can read patient records and other clinical notes, analyze them, and pluck out key data points.”

Marriott's Starwood Reservation Hack Could Affect 500 Million

Data Breach Today

Database Intrusion Dates Back to 2014. The Marriott hotel chain has announced its Starwood guest reservation database has been hacked, potentially exposing up to 500 million accounts. The unauthorized access to the database started in 2014, the company says

Experts demonstrate how to exfiltrate data using smart bulbs

Security Affairs

Security researchers with Checkmarx developed two mobile applications that abuse the functionality of smart bulbs for data exfiltration.

List of data breaches and cyber attacks in November 2018 – 251,286,753 records leaked

IT Governance

Last month I thought I’d try something new, so I focused on three stories rather than putting together a long list of breaches. It wasn’t a very popular approach. So the list is back. I count this month’s total of known leaked records to be 251,286,753.

How Surveillance Inhibits Freedom of Expression

Schneier on Security

In my book Data and Goliath, I write about the value of privacy. I talk about how it is essential for political liberty and justice, and for commercial fairness and equality. I talk about how it increases personal freedom and individual autonomy, and how the lack of it makes us all less secure.

UK Parliament Seizes Internal Facebook Privacy Documents

Data Breach Today

Bikini App Developer's Lawsuit Discovery Feeds Parliament's Facebook Probe. A British lawmaker has obtained sealed U.S.

Knock-Knock Docker!! Will you let me in? Open API Abuse in Docker Containers

Security Affairs

Exploring open API abuse in Docker containers. Docker is a popular container product which has been adopted widely by the community. The IT industry has seen quite a few transformations in the last couple of decades with the advent of disruptive technologies.

How Cyber Essentials can help secure against malware

IT Governance

The Cyber Essentials scheme is a world-leading assurance mechanism for organisations of all sizes to help demonstrate that the most critical cyber security controls have been implemented.

FBI Takes Down a Massive Advertising Fraud Ring

Schneier on Security

Dell, Dunkin Donuts Reset Passwords After Incidents

Data Breach Today

The Impacts of Both Incidents Appear to Be Limited. Dell and Dunkin Donuts have both initiated password resets after experiencing separate security incidents aimed at gaining access to customer accounts. The impacts of the attacks, however, appear to be limited

North Korea-linked group Lazarus targets Latin American banks

Security Affairs

According to security researchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America.

How to build a cyber incident response team

IT Governance

Who will you call when your organisation has been compromised? Having a cyber incident response team ready to go can save your organisation from disaster. There’s no escaping the threat of cyber security incidents.

That Bloomberg Supply-Chain-Hack Story

Schneier on Security

Back in October, Bloomberg reported that China has managed to install backdoors into server equipment that ended up in networks belonging to -- among others -- Apple and Amazon. Pretty much everybody has denied it (including the US DHS and the UK NCSC).

Google Faces GDPR Complaints Over Web, Location Tracking

Data Breach Today

327 million Marriott guests affected in Starwood Data Breach

Security Affairs

Starwood Data Breach – Hackers accessed the guest reservation system of the Marriott-owned Starwood since 2014 and copied and encrypted the information.

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

Michigan is known as the Wolverine State in deference to the ornery quadruped that roams its wild country. However, after a recent visit to Detroit, Ann Arbor and Grand Rapids as a guest of the Michigan Economic Development Corp., or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State. This new nickname may not roll off the tongue. But it does fit like a glove.

Three-Rotor Enigma Machine Up for Auction Today

Schneier on Security

Sotheby's is auctioning off a (working, I think) three-rotor Enigma machine today. They're expecting it to sell for about $200K. I have an Enigma, but it's missing the rotors.

Court Approves Lenovo's $7.3 Million Adware Settlement

Data Breach Today

Manufacturer Preinstalled Superfish Visual Discovery Adware on 800,000 Laptops. A court has preliminarily approved Lenovo's proposal to pay $7.3 million to settle a consolidated class action lawsuit filed over its preinstallation of Superfish adware onto laptops purchased by 800,000 consumers.

Ransomware attack disrupted emergency rooms at Ohio Hospital System

Security Affairs

Ransomware attacks continue to threaten the healthcare industry; the latest incident impacted the Ohio Hospital System.

Data breaches grow across UK education sector

IT Governance

A recent freedom of information request by chartered accountants UHY Hacker Young reveals a worrying rise in reported data breaches across the UK education sector.

Special Counsel Robert Mueller's Endgame May Be in Sight

WIRED Threat Level

Recent developments in the special counsel investigation indicate that things are about to heat up.

Uber Fined $1.2 Million in EU for Breach Disclosure Delay

Data Breach Today

Credential Stuffing Attack Cracked Uber's Amazon S3 Buckets, Investigators Say. Uber has been slammed with $1.2 million in fines by U.K. and Dutch privacy regulators for its cover-up of a 2016 data breach for more than a year.

US Government is asking allies to ban Huawei equipment

Security Affairs

The US Government is inviting its allies to exclude Huawei equipment from critical infrastructure and 5G architectures, reports the Wall Street Journal.

Uber fined £385,000 for data breach cover-up

IT Governance

The ICO (Information Commissioner’s Office) has fined Uber £385,000 for a data breach affecting 35 million people, including 2.7 million British customers.

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

The Last Watchdog

Michigan is cultivating a collection of amazing cybersecurity training facilities, called Cyber Range hubs, that are shining models for what’s possible when inspired program leaders are given access to leading-edge resources, wisely supplied by public agencies and private foundations.

Another Healthcare Website Security Issue Revealed

Data Breach Today

Tandigm Health Reports Vulnerability in Physician Portal. In yet another sign that website security issues are far too common in the healthcare sector, Tandigm Health says a vulnerability on a physician portal potentially exposed patient data

The SLoad Powershell malspam is expanding to Italy

Security Affairs

A new malspam campaign has hit Italy in recent days; threat actors are spreading a new variant of a powerful downloader named sLoad. sLoad is a sophisticated script, used in the past to deliver different types of malware such as the dreaded “Ramnit banker”.

More than half of consumers would consider legal action if their data was compromised during a breach

Thales Data Security

Six months on from the legal implementation of the General Data Protection Regulation (GDPR), a third of consumers have admitted they still aren’t confident that the companies they interact with comply with the regulation.


GDPR data breach notification: A quick guide

IT Governance

The data breach notification requirements of the EU GDPR (General Data Protection Regulation) are complicated, so it’s no surprise that many organisations aren’t sure what they’re supposed to be doing. However, it’s crucial that you know what to do when disaster strikes.