Sat.Apr 27, 2019 - Fri.May 03, 2019

Defending Democracies Against Information Attacks

Schneier on Security

To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist.

2 Million IoT Devices Have P2P Software Flaw: Researcher

Data Breach Today

Vulnerabilities Found in Security Cameras, Baby Monitors and More An independent security researcher is warning about a vulnerability in peer-to-peer software used in millions of IoT devices that could allow a hacker to eavesdrop on conversations or turn these items into a botnet

IoT 243

GUEST ESSAY: Six risks tied to social media marketing that all businesses should heed

The Last Watchdog

While the internet and social media have been very positive for businesses, there remains an inherent risk when it comes to how brands manage their Facebook, Twitter, and Instagram accounts. Related: Defusing weaponized documents While social media on every platform has benefits, there remains risks that must be addressed so as to keep your companies’ image and data safe.

Data: E-Retail Hacks More Lucrative Than Ever

Krebs on Security

For many years and until quite recently, credit card data stolen from online merchants has been worth far less in the cybercrime underground than cards pilfered from hacked brick-and-mortar stores.

Retail 221

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Trump’s World Still Faces 16 Known Criminal Probes

WIRED Threat Level

Mueller is done and Rosenstein is on his way out the door, but federal and state authorities around the country are still investigating the president and those in his orbit. Backchannel Security

More Trending

NEW TECH: How Semperis came to close a huge gap in Active Directory disaster preparedness

The Last Watchdog

In today’s complex IT environments, a million things can go wrong, though only a few systems touch everything.

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Krebs on Security

A Pennsylvania credit union is suing financial industry technology giant Fiserv , alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers.

Federal cybersecurity: breaking down the barriers to adoption

Thales eSecurity

Over the last two election cycles, we’ve seen an increased focus on election security, hacking and fraud. While many state and government officials are under no illusion that they are safe from a digital attack, concern should run deeper than election integrity.

Citrix Hackers Camped in Tech Giant's Network for 6 Months

Data Breach Today

FBI Tipoff Led to Discovery; Citrix Blames Poor Password Security Citrix says the data breach it first disclosed in early March appears to have persisted for six months before being discovered and hackers ejected.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

The Last Watchdog

If your company is participating in the global supply chain, either as a first-party purchaser of goods and services from other organizations, or as a third-party supplier, sooner or later you’ll encounter the NIST Cybersecurity Framework.

Feds Bust Up Dark Web Hub Wall Street Market

Krebs on Security

Why Isn't GDPR Being Enforced?

Schneier on Security

Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively regulate their privacy practices.

GDPR 106

Vodafone, Huawei Dispute Report of Telnet 'Backdoor'

Data Breach Today

Huawei Denies Concealing Backdoors in Equipment Vodafone is disputing a Bloomberg report that security vulnerabilities and backdoors within Huawei networking equipment could have allowed unauthorized access to its fixed-line carrier network in Italy.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

The Last Watchdog

Defending a company network is a dynamic, multi-faceted challenge that continues to rise in complexity, year after year after year. Related: Why diversity in training is a good thing. Yet there is a single point of failure common to just about all network break-ins: humans.

Over 23 million breached accounts were using ‘123456’ as password

Security Affairs

A cyber survey conducted by the United Kingdom’s National Cyber Security Centre (NCSC) revealed that ‘123456’ is still the most hacked password.

Why are Remote Collaboration Tools the Future of Work?

AIIM

Before the introduction of online collaboration tools, work used to take place only in the office. However, online collaboration application has made a huge transformation. Nowadays, work is executed from the place where the team members are present.

Tools 101

Trump Order Aims to Boost Federal Cybersecurity Workforce

Data Breach Today

Executive Order Creates a 'Cybersecurity Competition' to Offer Rewards President Donald Trump on Thursday signed an executive order that offers a mix of incentives and new guidelines aimed at hiring and retaining more security pros to work within the federal government.

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

The Last Watchdog

Small and midsize businesses — so-called SMBs — face an acute risk of sustaining a crippling cyberattack. This appears to be even more true today than it was when I began writing about business cyber risks at USA TODAY more than a decade ago. Related: ‘Malvertising’ threat explained However, one small positive step is that company decision makers today, at least, don’t have their heads in the sand.

Risk 150

How to Hack Dell computers exploiting a flaw in pre-installed Dell SupportAssist

Security Affairs

A flaw in Dell SupportAssist, a pre-installed tool on most Dell computers, could be exploited by hackers to compromise them remotely.

How To 103

Cybersecurity for the Public Interest

Schneier on Security

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals.

Darknet Disruption: 'Wall Street Market' Closed for Business

Data Breach Today

Suspected Admins Arrested in Germany and Alleged Top Narcotics Vendors in US German police have disrupted Wall Street Market and arrested its alleged administrators, who apparently "exit scammed" with $13 million in bitcoins, while U.S.

Survey reveals just how bad the UK is at creating passwords

IT Governance

There are more than 171,000 words in the English language, and yet millions of us can’t look beyond the word that’s right in front of us when selecting a password. Yes, the NCSC (National Cyber Security Centre)’s Cyber Security Survey found that 3.6 million Britons use ‘password’ as their password.

Authorities shut down major darknet marketplaces: the Wall Street Market and Valhalla

Security Affairs

German police have shut down one of the world’s largest black marketplace in the darkweb, the ‘Wall Street Market,’ and arrested its operators.

On Security Tokens

Schneier on Security

Mark Risher of Google extols the virtues of security keys: I'll say it again for the people in the back: with Security Keys, instead of the *user* needing to verify the site, the *site* has to prove itself to the key.

Docker Hub Breach: It's Not the Numbers; It's the Reach

Data Breach Today

Potential Leak of GitHub, Bitbucket Tokens As Well Docker, which offers an open source container platform, is notifying users that an intruder briefly had access to sensitive data from 190,000 Docker Hub accounts, or less than 5 percent of Hub users.

IT 212

Industry Guide to Manufacturing: Four trends for the Intelligent and Connected manufacturer

OpenText Information Management

While the manufacturing sector has continued to grow steadily over the last decade, the forecast from the US National Association of Manufacturers is for growth in the US to slow in 2019 due to skills shortages and the high cost of raw materials.

Docker Hub Database hacked, 190,000 users impacted

Security Affairs

Docker became aware of unauthorized access to a Docker Hub database that exposed sensitive information for roughly 190,000 users. Docker notified its users that an unauthorized entity gained access to a Docker Hub database that exposed sensitive information for roughly 190,000 users.

Stealing Ethereum by Guessing Weak Private Keys

Schneier on Security

Someone is stealing millions of dollars worth of Ethereum by guessing users' private keys. Normally this should be impossible, but lots of keys seem to be very weak. Researchers are unsure how those weak keys are being generated and used. Their paper is here.

Paper 92

DHS: Federal Agencies Need to Patch Vulnerabilities Faster

Data Breach Today

Directive: 'Critical' Vulnerabilities Must Be Patched Within 15 Days The U.S. Department of Homeland Security is requiring that federal agencies speed up patching and remediating "critical" and "high" software vulnerabilities. Security experts say this change is long overdue.

Enterprise Architect: A Role That Keeps Evolving

erwin

Enterprise architect is a common job title within IT organizations at large companies, but the term lacks any standard definition.

Critical flaw in Qualcomm chips exposes sensitive data for Android Devices

Security Affairs

Researchers devised a new side-channel attack in Qualcomm technology, widely used by most Android smartphones, that could expose private keys.

Paper 98