Sat.Dec 15, 2018 - Fri.Dec 21, 2018

GUEST ESSAY: The true cost of complacency, when it comes to protecting data, content

The Last Watchdog

Facebook was lucky when the Information Commissioner’s Office (ICO)—the UK’s independent authority set up to uphold information rights in the public interest—hit the U.S. social media company with a £500,000 fine. Related: Zuckerberg’s mea culpa rings hollow. This penalty was in connection with Facebook harvesting user data, over the course of seven years — between 2007 and 2014. This user data became part of the now infamous Cambridge Analytica scandal.

A Chief Security Concern for Executive Teams

Krebs on Security

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site.

GDPR: EU Sees More Data Breach Reports, Privacy Complaints

Data Breach Today

Ireland, France, Germany and UK Report Increases Since Privacy Law Took Effect The number of data breach reports filed since the EU General Data Protection Regulation went into effect has hit nearly 3,500 in Ireland, over 4,600 in Germany, 6,000 in France and 8,000 in the U.K.

Countering Attacks That Leverage IoT

Data Breach Today

Eddie Doyle of Checkpoint Software on Mitigation Strategies How are cybercrime syndicates launching attacks that leverage IoT devices? Eddie Doyle of Check Point Software Technologies offers insights on the latest attack strategies and how to counter them

IoT 171

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

NASA data breach – The agency notifies employees of a security intrusion

Security Affairs

National Aeronautics and Space Administration (NASA) notifies employees of a data breach that exposed social security numbers and other personal information.

More Trending

GUEST ESSAY: Top cybersecurity developments that can be expected to fully play out in 2019

The Last Watchdog

From a certain perspective, 2018 hasn’t been as dramatic a cybersecurity year as 2017, in that we haven’t seen as many global pandemics like WannaCry. Related: WannaCry signals worse things to come. Still, Ransomware, zero-day exploits, and phishing attacks, were among the biggest threats facing IT security teams this year. 2018 has not been a d ull y ear as far as breaches.

Hackers Intercepted EU Diplomatic Cables for 3 Years

Data Breach Today

US ballistic missile defense systems (BMDS) open to cyber attacks

Security Affairs

Ballistic Missile Defense Systems Fail Cybersecurity Audit. US DoD Inspector General’s report revealed United States’ ballistic missile defense systems (BMDS) fail to implements cyber security requirements. The U.S.

Feds Charge Three in Mass Seizure of Attack-for-hire Services

Krebs on Security

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Drone Denial-of-Service Attack against Gatwick Airport

Schneier on Security

Someone is flying a drone over Gatwick Airport in order to disrupt service: Chris Woodroofe, Gatwick's chief operating officer, said on Thursday afternoon there had been another drone sighting which meant it was impossible to say when the airport would reopen.

IT 96

Ireland's Privacy Watchdog Probes Facebook Data Breaches

Data Breach Today

Million Users' Private Photos Exposed, Triggering GDPR Investigation Ireland's privacy watchdog is probing data breaches at Facebook that exposed users' private data. In the latest breach to be disclosed, Facebook has warned that for a 12-day period in September, up to 6.8

Researcher disclosed a Windows zero-day for the third time in a few months

Security Affairs

Security researcher SandboxEscaper released a working proof-of-concept (PoC) exploit for a new Windows zero-day vulnerability. Hacker Discloses New Unpatched Windows Zero-Day Exploit On Twitter.

GDPR: What will happen after a no-deal Brexit?

IT Governance

Since a no-deal Brexit is starting to look more and more likely, the UK government last week released additional guidance to supplement the ICO’s (Information Commissioner’s Office) previous description of the future data protection regime.

GDPR 97

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

AI for Insight: Three things we learned at the Forrester Data Strategy and Insights Forum

OpenText Information Management

We live in an age of unequaled access to data. By some estimates, the average company has between 150 and 400 terabytes of information stored. A large enterprise may have multiple petabytes, i.e. as much data as all the printed books in the world.

2 Chinese Nationals Indicted for Cyber Espionage

Data Breach Today

Prosecutors Say They Were Part of APT10 Group and Had Government Ties The U.S. Department of Justice on Thursday unsealed an indictment charging two Chinese nationals in connection with a cyber espionage campaign, alleging they acted in association with a government agency

Twitter uncovered a possible nation-state attack

Security Affairs

Twitter discovered a possible nation-state attack while it was investigating an information disclosure flaw affecting its platform. Experts at Twitter discovered a possible state-sponsored attack while they were investigating an information disclosure vulnerability affecting its support forms.

Blog 98

Fraudulent Tactics on Amazon Marketplace

Schneier on Security

Fascinating article about the many ways Amazon Marketplace sellers sabotage each other and defraud customers. The opening example: framing a seller for false advertising by buying fake five-star reviews for their products.

Sales 90

Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks

Adam Levin

The U.S. Ballistic Missile Defense System (BMDS) falls short of critical cybersecurity standards, according to an audit issued by the Department of Defense Inspector General.

Twitter Sees Signs of State-Sponsored Attack

Data Breach Today

Separately, Steganographic Cybercrime Scheme Employs Malicious Twitter Memes Twitter says that an unspecified number of its users may have been targeted by state-sponsored hackers seeking to unmask their identity.

Trends 217

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Security Affairs

Researchers at Palo Alto Networks discovered that the Russian-linked Sofacy APT has written a new version of their Zebrocy backdoor using the Go programming language.

Tools 98

A Complete Guide to All 17 (Known) Trump and Russia Investigations

WIRED Threat Level

The investigation in to Russian interference and Donald Trump has sprung so many offshoots, it's hard to keep track. Here's a comprehensive list. It's long. Security

IT 88

Your checklist for responding to and reporting data breaches

IT Governance

This blog has been updated to reflect industry updates. Originally published 25 October 2018. There is a lot you need to do after you discover a data breach, so it’s a good idea to keep a checklist.

Email-Related Breaches: Why Are There So Many?

Data Breach Today

How Addressing Common Mistakes, Security Gaps Can Help Prevent These Incidents Several recent health data breaches point to the need to better mitigate the risks posed by email. Why do these incidents keep happening, and what can be done to help prevent them

Czech cyber-security agency warns over Huawei, ZTE security threat

Security Affairs

A Czech cyber-security agency is warning against using Huawei and ZTE technologies because they pose a threat to state security.

Amnesty Report: Twitter Abuse Toward Women Is Rampant

WIRED Threat Level

Frustrated by Twitter's silence on abuse against women, Amnesty International crowdsourced its own data and found that the platform was especially toxic for black women. Security

Data 87

OpenText buys Liaison Technologies

OpenText Information Management

I’m pleased to announce that OpenText has acquired Liaison Technologies, a recognized leader in cloud-based information integration and data management solutions.

Key Drivers to Enable Digital Transformation in Financial Services

Data Breach Today

Digital transformation (DX) continues to drive growth across financial services firms, creating new opportunities to increase revenue and foster innovation.

Malware controlled through commands hidden in memes posted on Twitter

Security Affairs

New Malware Takes Commands From Memes Posted On Twitter. Security researchers at Trend Micro have spotted a new strain of malware that retrieved commands from memes posted on a Twitter account controlled by the attackers.

2019 may not be the year of quantum, but it should be the year of preparation

Thales eSecurity

A few weeks ago, the National Academies of Sciences, Engineering and Medicine published a new report exploring the progress and prospects – or lack of – around quantum computing.

IT 82

Congressional Report on the 2017 Equifax Data Breach

Schneier on Security

The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It's a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this.

Why Perimeter Security Still Matters

Data Breach Today

Adam Bixler of Netscout on Countering Evolving Attacks Why do CISOs need to continue to pay attention to perimeter security? Adam Bixler of Netscout Systems provides insights on the importance of countering rapidly evolving perimeter attacks