Sat. Dec 29, 2018 - Fri. Jan 04, 2019

Tor Is Easier Than Ever. Time to Give It a Try

WIRED Threat Level

Been curious about Tor but worried it's too complicated to use? Good news: The anonymity service is more accessible than ever.

Apple Phone Phishing Scams Getting Better

Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that displays Apple’s logo, address and real phone number, warning about a data breach at the company.

The 4 stages of cyber resilience

IT Governance

Until recently, organisations often spent almost all of their information security budget on prevention, effectively taking an all-or-nothing approach to the threat of data breaches. They either repelled the attack or faced the consequences head-on.

Hackers Leak Hundreds of German Politicians' Personal Data

Data Breach Today

10 Personal Finance Lessons for Technology Professionals

Troy Hunt

Patience. Frugality. Sacrifice. When you boil it down, what do those three things have in common? Those are choices. Money is not peace of mind. Money’s not happiness. Money is, at its essence, that measure of a man’s choices.

Happy 9th Birthday, KrebsOnSecurity!

Krebs on Security

Hard to believe we’ve gone another revolution around the Sun: Today marks the 9th anniversary of KrebsOnSecurity.com!

More Trending

2018 Health Data Breach Tally: An Analysis

Data Breach Today

Hacking Incidents Still Dominate, But Fewer Huge Incidents Than in Years Past. Major health data breaches added to the official federal tally in 2018 impacted more than twice as many individuals as the incidents added to the list in 2017.

‘Roma225’ campaign targets companies in the Italian automotive sector

Security Affairs

‘Roma225’ campaign: The Cybaze-Yoroi ZLab researchers investigated a recent espionage malware implant weaponized to target companies in the Italian automotive sector.

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

Krebs on Security

Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned.

Predictions 2019: Stay Stoney, My Friends.

John Battelle's Searchblog

If predictions are like baseball, I’m bound to have a bad year in 2019, given how well things went the last time around.

Stop the Presses: Don't Rush Tribune Ransomware Attribution

Data Breach Today

Nation States and Cybercrime Gangs Keep Blurring; Tools Alone Don't Equal Actors. Don't rush to blame the printing outage at newspapers owned by Tribune Publishing on anything more than an organization failing to block a malware outbreak. And even if it does prove to be a Ryuk ransomware attack, there's no proof yet that any particular nation state is behind the campaign, experts warn.

Facebook tracks non-users via Android Apps

Security Affairs

New thunderclouds on Facebook: the social network giant is accused of tracking non-users via Android apps.

Perspective Check – Anticipation 2019

Weissman's World

It’s 2019, and Steve Weissman anticipates and addresses a number of key themes for the new year: 0:44 – Metadata and database fields: ‘labels’ as the keys to … everything! 1:38 – AI and machine learning: not the same things, no matter what the marketing says 3:24 – RPA: simply workflow by another name? 4:08 […]

6 tools to help you prevent and respond to data breaches

IT Governance

There are few things organisations fear more than data breaches. They cause immediate delays, are expensive and could lead to long-term reputational damage. The stakes were raised with the enforcement of the EU GDPR (General Data Protection Regulation) in May 2018.

HHS Publishes Guide to Cybersecurity Best Practices

Data Breach Today

Co-Developed with Healthcare Sector Coordinating Council, Designed for Organizations of All Sizes. With the aim of helping healthcare entities of all sizes improve their cybersecurity, the Department of Health and Human Services has issued a four-volume publication of voluntary best practices.

SandboxEscaper released PoC code for a new Windows zero-day

Security Affairs

Security expert SandboxEscaper published proof-of-concept (PoC) code for a new Windows zero-day; it is the fourth she released this year.

2018 Retrospective

Troy Hunt

I started doing these retrospectives 3 years ago in my first year of independence. I reckon they're a good thing for everyone to do if not in written form then at least mentally to look back on your achievements of the year.

Suspected Hack Disrupts Major Newspapers

Adam Levin

A cyberattack disrupted several major newspapers printed by Tribune Publishing shortly before New Year’s Day.

Ransom Moves: The Dark Overlord Keeps Pressuring Victims

Data Breach Today

Demanding Bitcoins, Blackmailing Hacker Group Turns to 9/11 Conspiracies. The notorious hacker gang The Dark Overlord continues its blackmail efforts, turning its hand to 9/11 conspiracy theories to try to sell stolen insurance documents.

Hackers stole $750,000 worth Bitcoin from Electrum wallets

Security Affairs

The latest attack of 2018 against cryptocurrency wallets and organizations in the cryptocurrency industry hit the popular Electrum wallets. Hackers hit Electrum Bitcoin wallet and stole over 200 bitcoin, more than $750,000.

China's APT10

Schneier on Security

Wired has an excellent article on China's APT10 hacking group. Specifically, on how they hacked managed service providers in order to get to their customers' networks. I am reminded of the NSA's "I Hunt Sysadmins" presentation, published by the Intercept.

7 Habits of a Highly Effective CISO: 2019 Data Security Resolutions

Thales eSecurity

It’s 2019 and data is everywhere – and what you can do with what is at your fingertips is truly transformative.

It's Great to Go Straight

Data Breach Today

Ex-Cybercriminal Brett Johnson Discusses Life as a Keynote Speaker. It's good to be legal, according to Brett Johnson, formerly America's most wanted cybercriminal, as he reflects on a year of his experiences speaking at ISMG Summits.

Malware-based attack hit delivery chain of the major US newspapers

Security Affairs

The LA Times revealed that a malware-based attack hit the delivery chain of the major US newspapers, delaying the hardcopy distribution. A malware-based attack that originated outside the US hit major US newspapers, delaying their hardcopy distribution.

Selecting the best AI-powered analytics software for Life Sciences in 2019

OpenText Information Management

Artificial intelligence or AI is fast becoming a key technology for the life sciences field. Combined with advanced analytics, it has almost limitless potential to deliver superior data, leading to better and more efficient drug development, reduced costs and increased profits.

Will 2019 Be the Year Cybersecurity Goes Mainstream?

Adam Levin

2019 will be the year consumers start thinking more about cyber hygiene, and the year Congress becomes more proactive in the areas of privacy and cybersecurity.

Suspected Ransomware Outbreak Disrupts US Newspapers

Data Breach Today

Tribune Media Suspects Ryuk Ransomware Hit Publishing and Production Systems. Production of newspapers owned by Chicago-based Tribune Publishing has been disrupted after malware began infecting the company's publishing and printing systems. Tribune newspapers report that they appear to have been hit by crypto-locking Ryuk ransomware.

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

Security Affairs

A new variant of the NRSMiner is infecting users in the southern region of Asia; most of the victims are in Vietnam (54%), Iran (16%) and Malaysia (12%). The new version leverages the EternalBlue exploit to spread; experts observed that the threat also updates existing NRSMiner installs.

The Most Dangerous People on the Internet in 2018: Trump, Zuck and More

WIRED Threat Level

From Donald Trump to Russian hackers, these are the most dangerous characters we've been watching online in 2018.

Connecting the dots between security intentions and actions -- Infographic

AIIM

On average, organizations believe the volume of information will grow from X to 4.2X. This explosive growth translates into a rising tide of chaos. 75% of organizations see information chaos as a major problem for their organization.

Microsoft's Top 3 Cybersecurity Concerns for 2019

Data Breach Today

With an operating system that's used by 90 percent of Fortune 500 companies, Microsoft closely monitors cyberattack trends. Joram Borenstein, general manager of Microsoft's Cybersecurity Solutions Group, discusses his top three concerns for 2019.

Hackers bypassed vein based authentication with a fake hand

Security Affairs

A couple of researchers demonstrated how to bypass vein based authentication using a fake hand built from a photo. If you consider vein based authentication totally secure, you have to know that a group of researchers demonstrated the opposite at the Chaos Communication Congress hacking conference.

The Elite Intel Team Still Fighting Meltdown and Spectre

WIRED Threat Level

One year after a pair of devastating processor vulnerabilities were first disclosed, Intel's still dealing with the fallout.

2019 IT Security Employment Outlook: The Hottest Skills and Markets

eSecurity Planet

With a need for 3 million IT security pros, cybersecurity remains a hot market. Here are the skills most in demand and the best places to find a job.