Sat. Dec 29, 2018 - Fri. Jan 04, 2019

Tor Is Easier Than Ever. Time to Give It a Try

WIRED Threat Level

Been curious about Tor but worried it's too complicated to use? Good news: The anonymity service is more accessible than ever.

Apple Phone Phishing Scams Getting Better

Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that displays Apple’s logo, address and real phone number, warning about a data breach at the company.

The 4 stages of cyber resilience

IT Governance

Until recently, organisations often spent almost all of their information security budget on prevention, effectively taking an all-or-nothing approach to the threat of data breaches. They either repelled the attack or faced the consequences head-on.

Hackers Leak Hundreds of German Politicians' Personal Data

Data Breach Today

Predictions 2018: How I Did. (Pretty Damn Well, Turns Out)

John Battelle's Searchblog

Every year I write predictions for the year ahead. And at the end of that year, I grade myself on how I did. I love writing this post, and thankfully you all love reading it as well.

Happy 9th Birthday, KrebsOnSecurity!

Krebs on Security

Hard to believe we’ve gone another revolution around the Sun: Today marks the 9th anniversary of KrebsOnSecurity.com!

More Trending

2018 Health Data Breach Tally: An Analysis

Data Breach Today

Hacking Incidents Still Dominate, But Fewer Huge Incidents Than in Years Past. Major health data breaches added to the official federal tally in 2018 impacted more than twice as many individuals as the incidents added to the list in 2017.

Predictions 2019: Stay Stoney, My Friends.

John Battelle's Searchblog

If predictions are like baseball, I’m bound to have a bad year in 2019, given how well things went the last time around.

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

Krebs on Security

Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned.

6 tools to help you prevent and respond to data breaches

IT Governance

There are few things organisations fear more than data breaches. They cause immediate delays, are expensive and could lead to long-term reputational damage. The stakes were raised with the enforcement of the EU GDPR (General Data Protection Regulation) in May 2018.

HHS Publishes Guide to Cybersecurity Best Practices

Data Breach Today

Co-Developed with Healthcare Sector Coordinating Council, Designed for Organizations of All Sizes. With the aim of helping healthcare entities of all sizes improve their cybersecurity, the Department of Health and Human Services has issued a four-volume publication of voluntary best practices.

Suspected Hack Disrupts Major Newspapers

Adam Levin

A cyberattack disrupted several major newspapers printed by Tribune Publishing shortly before New Year’s Day.

Selecting the best AI-powered analytics software for Life Sciences in 2019

OpenText Information Management

Artificial intelligence or AI is fast becoming a key technology for the life sciences field. Combined with advanced analytics, it has almost limitless potential to deliver superior data, leading to better and more efficient drug development, reduced costs and increased profits.

China's APT10

Schneier on Security

Wired has an excellent article on China's APT10 hacking group. Specifically, on how they hacked managed service providers in order to get to their customers' networks. I am reminded of the NSA's "I Hunt Sysadmins" presentation, published by the Intercept.

Stop the Presses: Don't Rush Tribune Ransomware Attribution

Data Breach Today

Nation States and Cybercrime Gangs Keep Blurring; Tools Alone Don't Equal Actors. Don't rush to blame the printing outage at newspapers owned by Tribune Publishing on anything more than an organization failing to block a malware outbreak. And even if it does prove to be a Ryuk ransomware attack, there's no proof yet that any particular nation state is behind the campaign, experts warn.

7 Habits of a Highly Effective CISO: 2019 Data Security Resolutions

Thales Data Security

It’s 2019 and data is everywhere – and what you can do with what is at your fingertips is truly transformative.

The Most Dangerous People on the Internet in 2018: Trump, Zuck and More

WIRED Threat Level

From Donald Trump to Russian hackers, these are the most dangerous characters we've been watching online in 2018.

What is a Hacker?

IG Guru

January 2nd, 2019 – by Andrew Ysasi and guest writer Chris Robert. If you are reading this, you may be here to get some validation or confirmation that hackers are good. Well, I have it for you. As a youth, I grew up watching movies like War Games, Sneakers, and Hackers.

Ransom Moves: The Dark Overlord Keeps Pressuring Victims

Data Breach Today

Demanding Bitcoins, Blackmailing Hacker Group Turns to 9/11 Conspiracies. The notorious hacker gang The Dark Overlord continues its blackmail efforts, turning its hand to 9/11 conspiracy theories to try to sell stolen insurance documents.

10 Personal Finance Lessons for Technology Professionals

Troy Hunt

Patience. Frugality. Sacrifice. When you boil it down, what do those three things have in common? Those are choices. Money is not peace of mind. Money’s not happiness. Money is, at its essence, that measure of a man’s choices.

The Elite Intel Team Still Fighting Meltdown and Spectre

WIRED Threat Level

One year after a pair of devastating processor vulnerabilities were first disclosed, Intel's still dealing with the fallout.

Will 2019 Be the Year Cybersecurity Goes Mainstream?

Adam Levin

2019 will be the year consumers start thinking more about cyber hygiene, and the year Congress becomes more proactive in the areas of privacy and cybersecurity.

It's Great to Go Straight

Data Breach Today

Ex-Cybercriminal Brett Johnson Discusses Life as a Keynote Speaker. It's good to be legal, according to Brett Johnson, formerly America's most wanted cybercriminal, as he reflects on a year of his experiences speaking at ISMG Summits.

Is blockchain in the supply chain overhyped?

OpenText Information Management

From increasing conflict minerals traceability to monitoring supply chain disruptions or late delivery of shipments, the benefits of blockchain in the supply chain seem clear.

A Major Hacking Spree Gets Personal for German Politicians

WIRED Threat Level

Hundreds of German politicians who have had their private digital lives exposed online are victims of a hacking campaign with unclear motives.

‘Roma225’ campaign targets companies in the Italian automotive sector

Security Affairs

‘Roma225’ campaign: The Cybaze-Yoroi ZLab researchers investigated a recent espionage malware implant weaponized to target companies in the Italian automotive sector.

Suspected Ransomware Outbreak Disrupts US Newspapers

Data Breach Today

Tribune Media Suspects Ryuk Ransomware Hit Publishing and Production Systems. Production of newspapers owned by Chicago-based Tribune Publishing has been disrupted after malware began infecting the company's publishing and printing systems. Tribune newspapers report that they appear to have been hit by crypto-locking Ryuk ransomware.

8 top artificial intelligence and analytics trends for 2019

Information Management Resources

Digital twins, edge computing and decision automation are among the hottest trends expected to impact artificial intelligence adoption this year.

The Worst Hacks of 2018: Marriott, Atlanta, Quora, and More

WIRED Threat Level

From the Marriott and Facebook meltdowns to state-sponsored assaults, 2018 was an eventful year for cybercrime.

Facebook tracks non-users via Android Apps

Security Affairs

New thunderclouds on Facebook: the social network giant is accused of tracking non-users via Android apps.

Microsoft's Top 3 Cybersecurity Concerns for 2019

Data Breach Today

With an operating system that's used by 90 percent of Fortune 500 companies, Microsoft closely monitors cyberattack trends. Joram Borenstein, general manager of Microsoft's Cybersecurity Solutions Group, discusses his top three concerns for 2019.

3 Reasons why tape should be included in your DR strategies

IG Guru

Repost – I wrote this article on LinkedIn and it got picked up by IDM. Friday, March 18, 2016 – 10:45, by Andrew Ysasi. I frequently hear chatter about using tape technology online, at conferences, and even in meetings that can be summed up in one statement, “Tape is dead.

Zero-knowledge attestation

Imperial Violet

U2F/FIDO tokens (a.k.a. “Security Keys”) are a solid contender for doing something about the effectiveness of phishing and so I believe they're pretty important. I've written a fairly lengthy introduction to them previously and, as mentioned there, one concerning aspect of their design is that they permit attestation: when registering a key it's possible for a site to learn a cryptographically authenticated make, model, and batch.

SandboxEscaper released PoC code for a new Windows zero-day

Security Affairs

Security expert SandboxEscaper published proof-of-concept (PoC) code for a new Windows zero-day; it is the fourth she released this year.