Sat.Feb 16, 2019 - Fri.Feb 22, 2019

2019 Thales DTR: Global Edition: Facts that may surprise you

Thales eSecurity

A few weeks ago, we issued the Global Edition of our 2019 Thales Data Threat Report, now in its seventh year. This year much of the emphasis within the results was on how digital transformation can put organizations’ sensitive data at risk.

Password Managers Leave Crumbs in Memory, Researchers Warn

Data Breach Today

Popular Password Managers for Windows Fail to Tidy Up Before Locking Up Shop A security audit of popular password manager has revealed some concerning weaknesses. Luckily, none of the problems are showstoppers that should put people off using such applications.

New Breed of Fuel Pump Skimmer Uses SMS and Bluetooth

Krebs on Security

Fraud investigators say they’ve uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world.

Security experts released new GandCrab Decryptor for free

Security Affairs

Security experts at BitDefender have released a new version of the GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5.

Facebook May Be Fined for Billions for Cambridge Analytica Scandal

Adam Levin

Facebook’s long string of privacy scandals may (finally) have some meaningful repercussions by way of a multi-billion dollar fine from the Federal Trade Commission.

IT 114

Criminals, Nation-States Keep Hijacking BGP and DNS

Data Breach Today

While Exploitable Protocols and Processes Persist, Adoption of Secure Fixes Lags The internet is composed of a series of networks built on trust.

More Trending

ATT&CKized Splunk – Threat Hunting with MITRE’s ATT&CK using Splunk

Security Affairs

Most of us know MITRE and the ATT&CK framework that they have come up with. What a splendid job they have done for the cyber security community by bringing most of the key attack vectors under an organized framework that segregates these attack vectors in various stages of a typical attack.

Demo 113

Why Information Architecture is VITAL to Information Governance

Weissman's World

Our very own Kevin Parker has written another stellar piece on the importance of information architecture to information governance. You can read it in ARMA’s Information Management Magazine – and if you want to learn more, register for Kevin’s ARMA iMasters Webinar on February 27.

11 Takeaways: Targeted Ryuk Attacks Pummel Businesses

Data Breach Today

Faulty Decryptor Often Shreds Victims' Data, McAfee and Coveware Warn A rush by some media outlets to attribute a late-2018 alleged Ryuk ransomware infection at Tribune Publishing to North Korean attackers appears to have been erroneous, as many security experts warned at the time.

Maltese bank thwarts huge cyber heist by taking its IT systems offline

IT Governance

Sometimes the only thing that can stop an outrageous plan is an even more outrageous one. At least that was the thinking at the Bank of Valletta in Malta, which last week prevented a daring cyber heist by shutting down its IT systems and plunging the organisation into cyber darkness.

IT 100

Toyota PASTA Car-Hacking Tool will be soon on GitHub

Security Affairs

Toyota plans to release the PASTA (Portable Automotive Security Testbed) Car-Hacking Tool on GitHub next month.

Tools 111

Cataloging IoT Vulnerabilities

Schneier on Security

Recent articles about IoT vulnerabilities describe hacking of construction cranes , supermarket freezers , and electric scooters. hacking internetofthings vulnerabilities

IoT 87

Police Push Free Decryptor for GandCrab Ransomware

Data Breach Today

The Russian Sleuth Who Outs Moscow's Elite Hackers and Assassins

WIRED Threat Level

Roman Dobrokhotov has been playing a dangerous game for a Russian reporter: identifying agents of the GRU military intelligence agency. Security

Critical bug in WINRAR affects all versions released in the last 19 years

Security Affairs

Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR.

Weekly Update 126

Troy Hunt

Another week, another conference. This time it was Microsoft Ignite in Sydney and as tends to happen at these events, many casual meetups, chats, beers, selfies, delivery of HIBP stickers and an all-round good time, albeit an exhausting one.

Hackers Target Fresh Drupal CMS Flaw to Infiltrate Sites

Data Breach Today

CMS Project Team Patches "Highly Critical" Remote Code Execution Vulnerability Patch alert: Some versions of the popular content management system Drupal have a "highly critical" flaw that attackers can exploit to remotely execute code.

CMS 222

7 Scenarios for How the Mueller Probe Might End

WIRED Threat Level

New reports say that Robert Mueller will be "wrapping up" his investigation soon. Here's what that might actually mean. Security

These Are the Countries With the Best and Worst Cybersecurity

Security Affairs

Cybersecurity is a growing concern among governments, businesses and individuals around the world. Cyberattacks can have severe impacts on everyone. A recent report from researchers at the University of Oxford identified 57 different impacts that cyber incidents can have.

Gen. Nakasone on US CyberCommand

Schneier on Security

Really interesting article by and interview with Paul M. Nakasone (Commander of U.S. Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service) in the current issue of Joint Forces Quarterly.

WhatsApp Flaw Could Enable iOS Message Snooping

Data Breach Today

Facebook Promises Quick Patch for Face ID and Touch ID Bypassing Problem Facebook says it will soon issue a patch for a bug in its WhatsApp messenger application that can circumvent a security feature launched just last month for Apple devices.

Access 219

NATO Group Catfished Soldiers to Prove a Point About Privacy

WIRED Threat Level

With $60 and a few fake Facebook accounts, researchers were able to identify service members in a military exercise, track their movement, and even persuade them to disobey orders. Security

Astaroth Trojan relies on legitimate os and antivirus processes to steal data

Security Affairs

A new Astaroth Trojan campaign was spotted by the Cybereason’s Nocturnus team, hackers are targeting Brazil and European countries.

Reverse Location Search Warrants

Schneier on Security

Wendy's Reaches $50 Million Breach Settlement With Banks

Data Breach Today

Why is Information Management Modernization So Important Right NOW?

AIIM

The combination of cloud technologies plus mobile is a volatile one when it comes to the sustainability of existing organizations. We’ve never before been in a disruptive environment quite like this one, and it demands much more agile approaches to IT.

Tips 79

Facebook paid $25,000 for CSRF exploit that leads to Account Takeover

Security Affairs

Facebook paid a $25,000 bounty for a critical cross-site request forgery (CSRF) vulnerability that could have been exploited to hijack accounts simply by tricking users into clicki on a link.

Estonia's Volunteer Cyber Militia

Schneier on Security

Interesting -- although short and not very detailed -- article about Estonia's volunteer cyber-defense militia.

Facebook Smackdown: UK Seeks 'Digital Gangster' Regulation

Data Breach Today

But Can New Laws and Greater Oversight Fix UK's 'Fake News' Challenges? Technology giants stand accused by a U.K. parliamentary committee of risking democracy in pursuit of profit, acting as monopolies and blocking attempts to hold them accountable.

Risk 213

How to beat the creative content crunch

OpenText Information Management

With the demand for creative content to support an ever-increasing volume of campaigns and programs on the rise, marketers turn to digital asset management (DAM) solutions to address their creative challenges.

Facebook login phishing campaign can deceive tech-savvy users

Security Affairs

Security experts at Myki have recently discovered a new phishing campaign that could deceive even most tech-savvy users. The technique relies upon the concept of being able to reproduce a social login prompt in a very realistic format inside an HTML block.

The Calico cloud

DXC Technology

You know what’s one of the real pains of cloud and container based computing? Networking. Workloads on a cloud come and go faster than you can read this story. Connecting those workloads, especially when they become even more ephemeral containers, is not easy. That’s where the open-source Software Defined Network (SDN) Calico comes in. SDN […]. Cloud Networks Calico networking SDN

Cloud 77

Big Dump of Pakistani Bank Card Data Appears on Carder Site

Data Breach Today

Street Value of 70,000 Cards on Joker's Stash is $3.5 Million, Group-IB Says The notorious carder site Joker's Stash is featuring a fresh batch of Pakistani banks' payment card data with an estimated street value of $3.5 million.

Groups 188

Digital Transformation In Retail: The Retail Apocalypse

erwin

Much like the hospitality industry , digital transformation in retail has been a huge driver of change.