Sat.Apr 27, 2019 - Fri.May 03, 2019

Defending Democracies Against Information Attacks

Schneier on Security

To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist.

2 Million IoT Devices Have P2P Software Flaw: Researcher

Data Breach Today

Vulnerabilities Found in Security Cameras, Baby Monitors and More An independent security researcher is warning about a vulnerability in peer-to-peer software used in millions of IoT devices that could allow a hacker to eavesdrop on conversations or turn these items into a botnet

IoT 245

GUEST ESSAY: Six risks tied to social media marketing that all businesses should heed

The Last Watchdog

While the internet and social media have been very positive for businesses, there remains an inherent risk when it comes to how brands manage their Facebook, Twitter, and Instagram accounts. Related: Defusing weaponized documents While social media on every platform has benefits, there remains risks that must be addressed so as to keep your companies’ image and data safe.

Data: E-Retail Hacks More Lucrative Than Ever

Krebs on Security

For many years and until quite recently, credit card data stolen from online merchants has been worth far less in the cybercrime underground than cards pilfered from hacked brick-and-mortar stores.

Retail 214

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Trump’s World Still Faces 16 Known Criminal Probes

WIRED Threat Level

Mueller is done and Rosenstein is on his way out the door, but federal and state authorities around the country are still investigating the president and those in his orbit. Backchannel Security

More Trending

NEW TECH: How Semperis came to close a huge gap in Active Directory disaster preparedness

The Last Watchdog

In today’s complex IT environments, a million things can go wrong, though only a few systems touch everything.

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Krebs on Security

A Pennsylvania credit union is suing financial industry technology giant Fiserv , alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers.

How to Hack Dell computers exploiting a flaw in pre-installed Dell SupportAssist

Security Affairs

A flaw in Dell SupportAssist, a pre-installed tool on most Dell computers, could be exploited by hackers to compromise them remotely.

How To 109

Citrix Hackers Camped in Tech Giant's Network for 6 Months

Data Breach Today

FBI Tipoff Led to Discovery; Citrix Blames Poor Password Security Citrix says the data breach it first disclosed in early March appears to have persisted for six months before being discovered and hackers ejected.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

The Last Watchdog

If your company is participating in the global supply chain, either as a first-party purchaser of goods and services from other organizations, or as a third-party supplier, sooner or later you’ll encounter the NIST Cybersecurity Framework.

Feds Bust Up Dark Web Hub Wall Street Market

Krebs on Security

Over 23 million breached accounts were using ‘123456’ as password

Security Affairs

A cyber survey conducted by the United Kingdom’s National Cyber Security Centre (NCSC) revealed that ‘123456’ is still the most hacked password.

Vodafone, Huawei Dispute Report of Telnet 'Backdoor'

Data Breach Today

Huawei Denies Concealing Backdoors in Equipment Vodafone is disputing a Bloomberg report that security vulnerabilities and backdoors within Huawei networking equipment could have allowed unauthorized access to its fixed-line carrier network in Italy.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

The Last Watchdog

Defending a company network is a dynamic, multi-faceted challenge that continues to rise in complexity, year after year after year. Related: Why diversity in training is a good thing. Yet there is a single point of failure common to just about all network break-ins: humans.

Why Isn't GDPR Being Enforced?

Schneier on Security

Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively regulate their privacy practices.

GDPR 101

Authorities shut down major darknet marketplaces: the Wall Street Market and Valhalla

Security Affairs

German police have shut down one of the world’s largest black marketplace in the darkweb, the ‘Wall Street Market,’ and arrested its operators.

Trump Order Aims to Boost Federal Cybersecurity Workforce

Data Breach Today

Executive Order Creates a 'Cybersecurity Competition' to Offer Rewards President Donald Trump on Thursday signed an executive order that offers a mix of incentives and new guidelines aimed at hiring and retaining more security pros to work within the federal government.

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

The Last Watchdog

Small and midsize businesses — so-called SMBs — face an acute risk of sustaining a crippling cyberattack. This appears to be even more true today than it was when I began writing about business cyber risks at USA TODAY more than a decade ago. Related: ‘Malvertising’ threat explained However, one small positive step is that company decision makers today, at least, don’t have their heads in the sand.

Risk 149

Industry Guide to Manufacturing: Four trends for the Intelligent and Connected manufacturer

OpenText Information Management

While the manufacturing sector has continued to grow steadily over the last decade, the forecast from the US National Association of Manufacturers is for growth in the US to slow in 2019 due to skills shortages and the high cost of raw materials.

Docker Hub Database hacked, 190,000 users impacted

Security Affairs

Docker became aware of unauthorized access to a Docker Hub database that exposed sensitive information for roughly 190,000 users. Docker notified its users that an unauthorized entity gained access to a Docker Hub database that exposed sensitive information for roughly 190,000 users.

Darknet Disruption: 'Wall Street Market' Closed for Business

Data Breach Today

Suspected Admins Arrested in Germany and Alleged Top Narcotics Vendors in US German police have disrupted Wall Street Market and arrested its alleged administrators, who apparently "exit scammed" with $13 million in bitcoins, while U.S.

Federal cybersecurity: breaking down the barriers to adoption

Thales eSecurity

Over the last two election cycles, we’ve seen an increased focus on election security, hacking and fraud. While many state and government officials are under no illusion that they are safe from a digital attack, concern should run deeper than election integrity.

Survey reveals just how bad the UK is at creating passwords

IT Governance

There are more than 171,000 words in the English language, and yet millions of us can’t look beyond the word that’s right in front of us when selecting a password. Yes, the NCSC (National Cyber Security Centre)’s Cyber Security Survey found that 3.6 million Britons use ‘password’ as their password.

Critical flaw in Qualcomm chips exposes sensitive data for Android Devices

Security Affairs

Researchers devised a new side-channel attack in Qualcomm technology, widely used by most Android smartphones, that could expose private keys.

Paper 106

Docker Hub Breach: It's Not the Numbers; It's the Reach

Data Breach Today

Potential Leak of GitHub, Bitbucket Tokens As Well Docker, which offers an open source container platform, is notifying users that an intruder briefly had access to sensitive data from 190,000 Docker Hub accounts, or less than 5 percent of Hub users.

IT 216

Cybersecurity for the Public Interest

Schneier on Security

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals.

Industry Guide to Public Sector: What’s driving digital transformation in government?

OpenText Information Management

Technology is rapidly changing how public sector organizations work and serve citizens.

APT34: Glimpse project

Security Affairs

The APT34 Glimpse project is maybe the most complete APT34 project known so far, the popular researcher Marco Ramilli analyzed it for us.

Huawei's Role in 5G Networks: A Matter of Trust

Data Breach Today

UK Government May Allow Chinese Manufacturer to Supply 'Noncore' Infrastructure As governments around the world continue plans to build out their nations' 5G networks, worries persist about whether Chinese manufacturers can be trusted.

Stealing Ethereum by Guessing Weak Private Keys

Schneier on Security

Someone is stealing millions of dollars worth of Ethereum by guessing users' private keys. Normally this should be impossible, but lots of keys seem to be very weak. Researchers are unsure how those weak keys are being generated and used. Their paper is here.

Paper 90

List of data breaches and cyber attacks in April 2019 – 1.34 billion records leaked

IT Governance

We would’ve been talking about an extraordinarily low number of breached records this month if it hadn’t been for a string of incidents in India, another Facebook gaffe and a massive blunder in China, in which a series of companies exposed almost 600 million citizens’ CVs. Still, April 2019 saw a not completely disastrous 1,334,488,724 breached records. That’s better than last month, bringing the annual total to 5.64 billion and reducing the monthly average to 1.46 billion.