Sat. Feb 16, 2019 - Fri. Feb 22, 2019

2019 Thales DTR: Global Edition: Facts that may surprise you

Thales eSecurity

A few weeks ago, we issued the Global Edition of our 2019 Thales Data Threat Report, now in its seventh year. This year much of the emphasis within the results was on how digital transformation can put organizations’ sensitive data at risk.

Password Managers Leave Crumbs in Memory, Researchers Warn

Data Breach Today

Popular Password Managers for Windows Fail to Tidy Up Before Locking Up Shop

A security audit of popular password managers has revealed some concerning weaknesses. Luckily, none of the problems are showstoppers that should put people off using such applications.

New Breed of Fuel Pump Skimmer Uses SMS and Bluetooth

Krebs on Security

Fraud investigators say they’ve uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world.

Security experts released new GandCrab Decryptor for free

Security Affairs

Security experts at BitDefender have released a new version of the GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5.

Facebook May Be Fined for Billions for Cambridge Analytica Scandal

Adam Levin

Facebook’s long string of privacy scandals may (finally) have some meaningful repercussions by way of a multi-billion dollar fine from the Federal Trade Commission.

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

The U.S.

ATT&CKized Splunk – Threat Hunting with MITRE’s ATT&CK using Splunk

Security Affairs

Most of us know MITRE and the ATT&CK framework that they have come up with. What a splendid job they have done for the cyber security community by bringing most of the key attack vectors under an organized framework that segregates these attack vectors in various stages of a typical attack.

Why Information Architecture is VITAL to Information Governance

Weissman's World

Our very own Kevin Parker has written another stellar piece on the importance of information architecture to information governance. You can read it in ARMA’s Information Management Magazine – and if you want to learn more, register for Kevin’s ARMA iMasters Webinar on February 27.

Hackers Target Fresh Drupal CMS Flaw to Infiltrate Sites

Data Breach Today

CMS Project Team Patches "Highly Critical" Remote Code Execution Vulnerability

Patch alert: Some versions of the popular content management system Drupal have a "highly critical" flaw that attackers can exploit to remotely execute code.

MY TAKE: Here’s why the Internet Society’s new Privacy Code of Conduct deserves wide adoption

The Last Watchdog

When Facebook founder Mark Zuckerberg infamously declared that privacy “is no longer a social norm” in 2010, he was merely parroting a corporate imperative that Google had long since established. That same year, then-Google CEO Eric Schmidt publicly admitted that Google’s privacy policy was to “get right up to the creepy line and not cross it.” We now know, of course, they weren’t kidding.

Toyota PASTA Car-Hacking Tool will be soon on GitHub

Security Affairs

Toyota plans to release the PASTA (Portable Automotive Security Testbed) Car-Hacking Tool on GitHub next month.

Maltese bank thwarts huge cyber heist by taking its IT systems offline

IT Governance

Sometimes the only thing that can stop an outrageous plan is an even more outrageous one. At least that was the thinking at the Bank of Valletta in Malta, which last week prevented a daring cyber heist by shutting down its IT systems and plunging the organisation into cyber darkness.

11 Takeaways: Targeted Ryuk Attacks Pummel Businesses

Data Breach Today

Faulty Decryptor Often Shreds Victims' Data, McAfee and Coveware Warn

A rush by some media outlets to attribute a late-2018 alleged Ryuk ransomware infection at Tribune Publishing to North Korean attackers appears to have been erroneous, as many security experts warned at the time.

Why is Information Management Modernization So Important Right NOW?

AIIM

The combination of cloud technologies plus mobile is a volatile one when it comes to the sustainability of existing organizations. We’ve never before been in a disruptive environment quite like this one, and it demands much more agile approaches to IT.

These Are the Countries With the Best and Worst Cybersecurity

Security Affairs

Cybersecurity is a growing concern among governments, businesses and individuals around the world. Cyberattacks can have severe impacts on everyone. A recent report from researchers at the University of Oxford identified 57 different impacts that cyber incidents can have.

Weekly Update 126

Troy Hunt

Another week, another conference. This time it was Microsoft Ignite in Sydney and as tends to happen at these events, many casual meetups, chats, beers, selfies, delivery of HIBP stickers and an all-round good time, albeit an exhausting one.

Police Push Free Decryptor for GandCrab Ransomware

Data Breach Today

The Russian Sleuth Who Outs Moscow's Elite Hackers and Assassins

WIRED Threat Level

Roman Dobrokhotov has been playing a dangerous game for a Russian reporter: identifying agents of the GRU military intelligence agency.

Critical bug in WINRAR affects all versions released in the last 19 years

Security Affairs

Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR.

Unactioned data subject access requests could lead to legal action

IT Governance

Buckinghamshire-based housing developer Magnacrest has been fined for failing to respond to DSARs (data subject access requests), giving organisations a fresh reminder of the importance of the public’s legal rights to review the information that’s processed about them.

WhatsApp Flaw Could Enable iOS Message Snooping

Data Breach Today

Facebook Promises Quick Patch for Face ID and Touch ID Bypassing Problem

Facebook says it will soon issue a patch for a bug in its WhatsApp messenger application that can circumvent a security feature launched just last month for Apple devices.

7 Scenarios for How the Mueller Probe Might End

WIRED Threat Level

New reports say that Robert Mueller will be "wrapping up" his investigation soon. Here's what that might actually mean.

Astaroth Trojan relies on legitimate os and antivirus processes to steal data

Security Affairs

A new Astaroth Trojan campaign was spotted by Cybereason’s Nocturnus team; hackers are targeting Brazil and European countries.

Cataloging IoT Vulnerabilities

Schneier on Security

Recent articles about IoT vulnerabilities describe hacking of construction cranes, supermarket freezers, and electric scooters.

Wendy's Reaches $50 Million Breach Settlement With Banks

Data Breach Today

NATO Group Catfished Soldiers to Prove a Point About Privacy

WIRED Threat Level

With $60 and a few fake Facebook accounts, researchers were able to identify service members in a military exercise, track their movement, and even persuade them to disobey orders.

Facebook paid $25,000 for CSRF exploit that leads to Account Takeover

Security Affairs

Facebook paid a $25,000 bounty for a critical cross-site request forgery (CSRF) vulnerability that could have been exploited to hijack accounts simply by tricking users into clicking on a link.

The Calico cloud

DXC Technology

You know what’s one of the real pains of cloud and container based computing? Networking. Workloads on a cloud come and go faster than you can read this story. Connecting those workloads, especially when they become even more ephemeral containers, is not easy. That’s where the open-source Software Defined Network (SDN) Calico comes in. SDN […].

Facebook Smackdown: UK Seeks 'Digital Gangster' Regulation

Data Breach Today

But Can New Laws and Greater Oversight Fix UK's 'Fake News' Challenges? Technology giants stand accused by a U.K. parliamentary committee of risking democracy in pursuit of profit, acting as monopolies and blocking attempts to hold them accountable.

Russian Hackers Go From Foothold to Full-On Breach in 19 Minutes

WIRED Threat Level

A new ranking of nation-state hacker speed puts Russia on top by a span of hours.

Facebook login phishing campaign can deceive tech-savvy users

Security Affairs

Security experts at Myki have recently discovered a new phishing campaign that could deceive even most tech-savvy users. The technique relies upon the concept of being able to reproduce a social login prompt in a very realistic format inside an HTML block.