Sat.Mar 23, 2019 - Fri.Mar 29, 2019

3 Reasons You Need Incident Reporting Training

MediaPro

We’ve all been there: Opening our email app or checking social media to find that our information may have been compromised in the breach of another big-name brand.

Q&A: How cybersecurity has become a primal battleground for AI one-upsmanship

The Last Watchdog

A discussion of how – and why – adversaries are using artificial intelligence to juice up malicious activities. When antivirus (AV) software first arrived in the late 1980s, the science of combating computer viruses was very straightforward. AV kept close track of known malicious files, and then quarantined or deleted any known malware that had managed to embed itself on the protected computing device. At its core, AV still does that today.

The Cybersecurity Lessons Your Company Can Learn From a Sensational Police Misconduct Story

Adam Levin

Florida police officer Leonel Marines resigned after a police investigation revealed the 12-year veteran of the Bradenton Police Department had been using police databases like a dating app to locate potential women for fun and maybe more. He’d been doing it for years.

Perpetual 'Meltdown': Security in the Post-Spectre Era

Data Breach Today

A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach

Krebs on Security

On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company’s customers were being sold in the cybercrime underground.

Sales 232

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

The Last Watchdog

A couple of high-profile distributed denial-of-service (DDoS) attacks will surely go down in history as watershed events – each for different reasons. Related: IoT botnets now available for economical DDoS blasts. In March 2013, several impossibly massive waves of nuisance requests – peaking as high as 300 gigabytes per second— swamped Spamhaus , knocking the anti-spam organization off line for extended periods.

IoT 206

More Trending

Ransomware Attack Costs Norsk Hydro $40 Million - So Far

Data Breach Today

Norwegian Aluminum Maker Still Fighting LockerGoga Ransomware Attack Norsk Hydro reports that a March 18 ransomware attack has already cost the aluminum manufacturer more than $40 million, and the company continues to bring its systems back online

Man Behind Fatal ‘Swatting’ Gets 20 Years

Krebs on Security

Tyler Barriss , a 26-year-old California man who admitted making a phony emergency call to police in late 2017 that led to the shooting death of an innocent Kansas resident, has been sentenced to 20 years in federal prison. Tyler Barriss, in an undated selfie.

Commando VM – Using Windows for pen testing and red teaming

Security Affairs

Commando VM — Turn Your Windows Computer Into A Hacking Machine. FireEye released Commando VM , a Windows-based security distribution designed for penetration testers that intend to use the Microsoft OS.

Tools 111

Nearly One Billion Emails Exposed in Data Breach

Adam Levin

The email addresses and personal information of 982 million people were compromised in a leak from an unsecured database.

Microsoft Takes Control of 99 Websites From APT Group

Data Breach Today

Phosphorus Group Waged Spear-Phishing Campaign, Company Reports Microsoft is using its legal muscle to push back against an advanced persistent threat group that is says is "widely associated with Iranian hackers."

Groups 246

Programmers Who Don't Understand Security Are Poor at Security

Schneier on Security

A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they're not going to do a very good job at it.

Pwn2Own 2019 Day 3: Experts hacked Tesla 3 browser

Security Affairs

Pwn2Own 2019 Day 3 – Experts earned $35,000 and a Tesla Model 3 after hacking the vehicle’s web browser. Pwn2Own 2019 Day 3 – Hackers focused their efforts on car hacking, two teams participated in the competitions but only one of them reached the goal.

Course 114

BELGIUM: NEW DATA PROTECTION COMMISSIONER

DLA Piper Privacy Matters

By Patrick Van Eecke & Peter Craddock. Today, 29 March 2019, the Belgian House of Representatives appointed the new commissioner and directors of the Belgian Data Protection Authority (DPA).

Data 98

'Operation ShadowHammer' Shows Weakness of Supply Chains

Data Breach Today

Groups 233

Malware Installed in Asus Computers Through Hacked Update Process

Schneier on Security

Kaspersky Labs is reporting on a new supply chain attack they call "Shadowhammer.". In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility.

Course 105

Experts found 36 vulnerabilities in the LTE protocol

Security Affairs

A team of researchers from the Korea Advanced Institute of Science and Technology Constitution (KAIST ) discovered 36 vulnerabilities in the LTE protocol.

Do your employees care about cyber security?

IT Governance

A recent report has found that just 15% of IT decision makers in small organisations “completely agree” that their employees have a good understanding of cyber security, and 20% believe their employees don’t care about cyber security at all.

'Disrupting the Hell Out of the Industry'

Data Breach Today

Socure's Tom Thimot and George Tubin on Securing Identity As fraud has shifted over the past decade from basic account takeover to synthetic identities and new account fraud, so has the field of identity protection evolved.

Personal Data Left on Used Laptops

Schneier on Security

A recent experiment found all sorts of personal data left on used laptops and smartphones. This should come as no surprise. Simson Garfinkel performed the same experiment in 2003, with similar results. computersecurity dataloss dataprotection

Data 90

Operation SaboTor – Police arrested 61 vendors and buyers in the dark web

Security Affairs

Operation SaboTor – A coordinated operation conducted by law enforcement agencies from Europe, Canada, and the United States targeted vendors and buyers of illegal goods on dark web marketplaces.

Course 108

NEW TECH: Data Theorem helps inventory sprawling APIs — as the first step to securing them

The Last Watchdog

Remember when software used to come on CDs packaged in shrinked-wrapped boxes, or even before that, on floppy disks? Related: Memory-based attacks on the rise. If you bought a new printer and wanted it to work on your desktop PC, you’d have to install a software driver, stored on a floppy disk or CD, to make that digital handshake for you. Today software is developed and deployed in the cloud, on the fly.

Why Criminals Love Cards Issued by US Banks

Data Breach Today

Blueliv's Liv Rowley Reviews the Latest Fraud, Malware, Credential Theft Trends Some 96 percent of all compromised payment cards have been issued by U.S.

Trends 222

NSA-Inspired Vulnerability Found in Huawei Laptops

Schneier on Security

This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA's DOUBLEPULSAR that was leaked by the Shadow Brokers -- believed to be the Russian government -- and it's obvious that this attack copied that technique. What is less clear is whether the vulnerability -- which has been fixed -- was put into the Huwei driver accidentally or on purpose. backdoors malware nsa vulnerabilities

PewDiePie ransomware oblige users subscribe to PewDiePie YouTube channel

Security Affairs

It is a battle with no holds barred between T-Series and PewDiePie, their fans are spreading the PewDiePie ransomware to force users to subscribe to PewDiePie Youtube channel.

Chatbots | Technologically Redefining Customer experience

Everteam

Whenever we face any obstacle with a service or a product purchased, our first instinct is directly getting in touch with the customer service department. It’s not hard to imagine the specific repetitive scenario used by this department and the long “on Hold” moments.

The Impact of Digital Transformation on Security

Data Breach Today

Kory Daniels of Trustwave on Scaling Security at the Speed of Business Identifying the data gaps in the rapidly expanding attack surface is critical to allow more sophisticated preventive and response capabilities, says Kory Daniels of Trustwave

HTTPS Isn't Always As Secure As It Seems

WIRED Threat Level

A surprising number of high-traffic sites have TLS vulnerabilities that are subtle enough for the green padlock to still appear. Security

IT 81

How to get back files encrypted by the Hacked Ransomware for free

Security Affairs

Good news for the victims of the Hacked Ransomware, the security firm Emsisoft has released a free decryptor to decrypt the data of infected computers. Security experts at Emsisoft released a free decryptor for the Hacked Ransomware.

How to: Find and Clean out Your Dark Data with everteam.discover

Everteam

We talk a lot about how you need to get control of the dark data spread across disconnected silos in your company.

Cloud Security: How the Dialogue Has Shifted

Data Breach Today

Palo Alto Network's Matt Chiodi on the Evolution of Public Cloud Security In just five years' time, the public cloud security conversation has changed dramatically, says Matt Chiodi of Palo Alto Networks. But security leaders still struggle with visibility and compliance

Cloud 211

How to Check Your Computer for Hacked Asus Software Update

WIRED Threat Level

Hackers compromised Asus’s Live Update tool to distribute malware to almost a million people. Here’s how to find out if your computer has it. Security Security / Cyberattacks and Hacks

Tools 82

New Shodan Monitor service allows tracking Internet-Exposed devices

Security Affairs

Shodan IoT search engine announced the launch of a new service called Shodan Monitor designed to help organizations to maintain track of systems connected to the Internet.

IoT 103

Information Capture Needs to Evolve to Meet New Information Challenges

AIIM

For many years, “capture” was somewhat of an afterthought.It was something focused primarily on paper documents.It was something focused on archiving the document rather than on the extraction of data from the document.It