Sat.Nov 24, 2018 - Fri.Nov 30, 2018

Half of all Phishing Sites Now Have the Padlock

Krebs on Security

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice.

Propaganda and the Weakening of Trust in Government

Schneier on Security

On November 4, 2016, the hacker "Guccifer 2.0,: a front for Russia's military intelligence service, claimed in a blogpost that the Democrats were likely to use vulnerabilities to hack the presidential elections.

When Do You Need to Report a Data Breach?

Security Affairs

The way in which you respond to a data breach has a significant impact on how severe its consequences are. Reporting an event is one action that can help. The number of data breaches that were tracked in the U.S. in 2017 totaled 1,579, a nearly 44.7 percent increase from the previous year.

Marriott's Starwood Reservation Hack Could Affect 500 Million

Data Breach Today

Database Intrusion Dates Back to 2014 The Marriott hotel chain has announced its Starwood guest reservation database has been hacked, potentially exposing up to 500 million accounts. The unauthorized access to the database started in 2014, the company says

Access 231

Marriott: Data on 500 Million Guests Stolen in 4-Year Breach

Krebs on Security

Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years.

Data 245

When It Comes to PII, Santa’s Got Nothing Over Amazon

Weissman's World

Amazon this week announced new software that, as described by The Wall Street Journal, “can read patient records and other clinical notes, analyze them, and pluck out key data points.”

Groups 181

List of data breaches and cyber attacks in November 2018 – 251,286,753 records leaked

IT Governance

Last month I thought I’d try something new, so I focused on three stories rather than putting together a long list of breaches. It wasn’t a very popular approach. So the list is back. I count this month’s total of known leaked records to be 251,286,753.

More Trending

How Surveillance Inhibits Freedom of Expression

Schneier on Security

In my book Data and Goliath , I write about the value of privacy. I talk about how it is essential for political liberty and justice, and for commercial fairness and equality. I talk about how it increases personal freedom and individual autonomy, and how the lack of it makes us all less secure.

Groups 110

Knock-Knock Docker!! Will you let me in? Open API Abuse in Docker Containers

Security Affairs

Exploring the open API abuse for Docker Containers. Docker is a popular container product which has been adopted widely by the community. Preface. IT industry has seen quite a few transformations in last couple of decades with advent of disruptive technologies.

Mining 105

How to build a cyber incident response team

IT Governance

Who will you call when your organisation has been compromised? Having a cyber incident response team ready to go can save your organisation from disaster. There’s no escaping the threat of cyber security incidents.

UK Parliament Seizes Internal Facebook Privacy Documents

Data Breach Today

Bikini App Developer's Lawsuit Discovery Feeds Parliament's Facebook Probe A British lawmaker has obtained sealed U.S.

Distributing Malware By Becoming an Admin on an Open-Source Project

Schneier on Security

The module "event-steam" was infected with malware by an anonymous someone who became an admin on the project.

Events 106

Experts demonstrate how to exfiltrate data using smart bulbs

Security Affairs

Security researchers with Checkmarx developed two mobile applications that abuse the functionality of smart bulbs for data exfiltration. Security researchers with Checkmarx developed two mobile applications that exploit smart bulbs features for data exfiltration.

How To 107

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

Michigan is known as the Wolverine State in deference to the ornery quadruped that roams its wild country. However, after a recent visit to Detroit, Ann Arbor and Grand Rapids as a guest of the Michigan Economic Development Corp., or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State. Related: California’s pioneering privacy law ripples through other states. This new nickname may not roll off the tongue. But it does fit like a glove.

Dell, Dunkin Donuts Reset Passwords After Incidents

Data Breach Today

The Impacts of Both Incidents Appear to Be Limited Dell and Dunkin Donuts have both initiated password resets after experiencing separate security incidents aimed at gaining access to customer accounts. The impacts of the attacks, however, appear to be limited

Six ways that a pilot program helps your digital transformation succeed

TAB OnRecord

Pilot programs are a proven and effective way to minimize the risk of failures and maximize the benefits delivered by digitization initiatives. Here are six common ways that your colleagues are using pilot programs to ensure success when going digital: 1.

327 million Marriott guests affected in Starwood Data Breach

Security Affairs

Starwood Data Breach – Hackers accessed the guest reservation system of the Marriot owned Starwood since 2014 and copied and encrypted the information.

FBI Takes Down a Massive Advertising Fraud Ring

Schneier on Security

IT 87

Google Faces GDPR Complaints Over Web, Location Tracking

Data Breach Today

GDPR 216

Special Counsel Robert Mueller's Endgame May Be in Sight

WIRED Threat Level

Recent developments in the special counsel investigation show indicate that things are about to heat up. Security

New PowerShell-based Backdoor points to MuddyWater

Security Affairs

Security researchers at Trend Micro recently discovered PowerShell-based backdoor that resembles a malware used by MuddyWater threat actor. Malware researchers at Trend Micro have discovered a Powershell-based backdoor that is very similar to a malware used by MuddyWater APT group.

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

The Last Watchdog

Michigan is cultivating a collection of amazing cybersecurity training facilities, called Cyber Range hubs, that are shining models for what’s possible when inspired program leaders are given access to leading-edge resources, wisely supplied by public agencies and private foundations.

Another Healthcare Website Security Issue Revealed

Data Breach Today

Tandigm Health Reports Vulnerability in Physician Portal In yet another sign that website security issues are far too common in the healthcare sector, Tandigm Health says a vulnerability on a physician portal potentially exposed patient data

The Marriott Hack: How to Protect Yourself

WIRED Threat Level

Up to 500 people's personal information has been stolen in a Marriott hack that lasted four years, one of the biggest breaches yet. Security

Ransomware attack disrupted emergency rooms at Ohio Hospital System

Security Affairs

Ransomware attacks continue to threaten the healthcare industry, the last incident in order of time impacted the Ohio Hospital System.

MY TAKE: Why security innovations paving the way for driverless cars will make IoT much safer

The Last Watchdog

Intelligent computing systems have been insinuating themselves into our homes and public gathering places for a while now. But smart homes, smart workplaces and smart shopping malls are just the warm-up act. Get ready for smart ground transportation. Related: Michigan’s Cyber Range hubs help narrow talent gap. Driverless autos, trucks and military transport vehicles are on a fast track for wide deployment in the next five years.

IoT 116

Court Approves Lenovo's $7.3 Million Adware Settlement

Data Breach Today

Manufacturer Preinstalled Superfish Visual Discovery Adware on 800,000 Laptops A court has preliminarily approved Lenovo's proposal to pay $7.3 million to settle a consolidated class action lawsuit filed over its preinstallation of Superfish adware onto laptops purchased by 800,000 consumers.

Uber fined £385,000 for data breach cover-up

IT Governance

The ICO (Information Commissioner’s Office) has fined Uber £385,000 for a data breach affecting 35 million people, including 2.7 million British customers.

North Korea-linked group Lazarus targets Latin American banks

Security Affairs

According to security reearchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported.

Perspectives on the ‘Paris Call’

Thales Data Security

“We the People of the United States, in Order to form a more perfect Union”. Four score and seven years ago”. “I I have a dream”. These are very well known quotes to every American. These quotes where opening salvos by great leaders who knew we had to come together for change and for good.

The Profile of Modern-Day DDoS

Data Breach Today

Netscout Arbor's Tom Bienkowski on the Risks to Healthcare Organizations DDoS attacks against healthcare organizations have increased not only in size and scale, but especially in complexity, says Tom Bienkowski of Netscout Arbor. How can enterprises build upon their traditional DDoS defenses

Risk 196

GDPR data breach notification: A quick guide

IT Governance

The data breach notification requirements of the EU GDPR (General Data Protection Regulation) are complicated, so it’s no surprise that many organisations aren’t sure what they’re supposed to be doing. However, it’s crucial that you know what to do when disaster strikes.

FBI along with security firms dismantled 3ve Ad Fraud Operation

Security Affairs

FBI along with cybersecurity firms dismantled a sophisticated ad fraud scheme that allowed its operators to earn tens of millions of dollars.

Three-Rotor Enigma Machine Up for Auction Today

Schneier on Security

Sotheby's is auctioning off a (working, I think) three-rotor Enigma machine today. They're expecting it to sell for about $200K. I have an Enigma, but it's missing the rotors. cryptography enigma historyofcryptography

IT 74

Uber Fined $1.2 Million in EU for Breach Disclosure Delay

Data Breach Today

Credential Stuffing Attack Cracked Uber's Amazon S3 Buckets, Investigators Say Uber has been slammed with $1.2 million in fines by U.K. and Dutch privacy regulators for its cover-up of a 2016 data breach for more than a year.

How Cyber Essentials can help secure against malware

IT Governance

The Cyber Essentials scheme is a world-leading assurance mechanism for organisations of all sizes to help demonstrate that the most critical cyber security controls have been implemented.

The SLoad Powershell malspam is expanding to Italy

Security Affairs

A new malspam campaign hit Italy in this days, threat actors are spreading a new variant of a powerful downloader named sLoad. sLoad is a sophisticated script, used in the past to deliver different types of malware such as the dreaded “ Ramnit banker”.