Sat. Aug 10, 2019 - Fri. Aug 16, 2019

6 Tough Questions to Ask ANY SaaS Provider Before You Use Their Software


Not only do today’s cloud solutions more closely align technology and business processes, they also offer access to the advanced capabilities that were once only available to large corporations.

MY TAKE: A primer on how ransomware arose to become an enduring scourge

The Last Watchdog

“All we know is MONEY! Hurry up! Tik Tak, Tik Tak, Tik Tak!” This is an excerpt from a chilling ransom note Baltimore IT officials received from hackers who managed to lock up most of the city’s servers in May. The attackers demanded $76,000, paid in Bitcoin, for a decryption key.


Apple Expands Bug Bounty; Raises Max Reward to $1 Million

Data Breach Today

Move Generates Praise From Security Experts. Apple is opening up its bug bounty program to all researchers, increasing the rewards and expanding the scope of qualifying products in a bid to attract tips on critical software flaws.

Extended Validation Certificates are (Really, Really) Dead

Troy Hunt


Meet Bluetana, the Scourge of Pump Skimmers

Krebs on Security

“Bluetana,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests.

NEW TECH: Trend Micro inserts ‘X’ factor into ‘EDR’ – endpoint detection and response

The Last Watchdog

With all the talk of escalating cyber warfare, the spread of counterfeit smartphones and new forms of self-replicating malware, I came away from Black Hat USA 2019 (my 15th) marveling, once more, at the panache of modern cyber criminals. Yet, I also had the chance to speak one-on-one with dozens of security vendors who are innovating like crazy to improve security. And I came away, once again, much encouraged.


Payments and Security: Putting security where your money is

Thales eSecurity

Originally published in Payments Journal on July 31, 2019.

SEC Investigating Data Leak at First American Financial Corp.

Krebs on Security

The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp.

GUEST ESSAY: Why the next round of cyber attacks could put many SMBs out of business

The Last Watchdog

In the last year, the news media has been full of stories about vicious cyber breaches on municipal governments. From Atlanta to Baltimore to school districts in Louisiana, cyber criminals have launched a wave of ransomware attacks on governments across the country. As city governments struggle to recover access to their data, hackers are already turning their sights on their next targets: small and medium-sized businesses (SMBs).

European Central Bank Closes a Website Following Hack

Data Breach Today

Malware Found; Personal Data Apparently Exposed. The European Central Bank has closed one of its websites after its IT staff found that a hacker compromised some personal information on the site and also planted malware.

Boffins hacked Siemens Simatic S7, most secure controllers in the industry

Security Affairs

A group of Israeli researchers demonstrated that it is possible to take over the Simatic S7 controller, one of the most secure controllers in the industry.


Patch Tuesday, August 2019 Edition

Krebs on Security

Most Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it’s all going to turn out.

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

WIRED Threat Level

A security researcher has demonstrated how to force everyday commercial speakers to emit harmful sounds.

Choice Hotels: 700,000 Guest Records Exposed

Data Breach Today

Vendor Copied Data Without Authorization; Left MongoDB Open to Internet. Choice Hotels says about 700,000 records for guests were exposed after one of its vendors copied data from its systems. Fraudsters discovered the data and tried to hold the hotel chain to ransom, which it ignored.


5 Things to Know About Cyber Insurance

Dark Reading

More businesses are recognizing the need for cyber insurance as part of an overall security strategy. Here are some key points to consider when evaluating, purchasing, and relying on a policy.

Software Vulnerabilities in the Boeing 787

Schneier on Security


A Remote-Start App Exposed Thousands of Cars to Hackers

WIRED Threat Level

The bugs could have let an industrious hacker locate cars, unlock them, and start them up from anywhere with an internet connection.

Biometric Security Vendor Exposes Fingerprints, Face Data

Data Breach Today

Researchers Find Open Database for Suprema's BioStar 2. A South Korean company that makes a biometric access control platform exposed fingerprint, facial recognition data and personal information after leaving an Elasticsearch database open, security researchers say.

Google hacker discloses 20-year-old Windows flaw still unpatched

Security Affairs

Tavis Ormandy, white hat hacker at Google’s Project Zero Team, disclosed technical details of a 20-year-old Windows vulnerability that is still unpatched.

Exploiting GDPR to Get Private Information

Schneier on Security

A researcher abused the GDPR to get information on his fiancee: It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation (GDPR), which came into force in May 2018.


How Facebook Catches Bugs in Its 100 Million Lines of Code

WIRED Threat Level

For the last four years, Facebook has quietly used a homegrown tool called Zoncolan to find bugs in its massive codebase.


Prosecutors Allege Capital One Suspect Stole From Many Others

Data Breach Today

New Court Documents Describe What Was Found on Her Servers. Paige A.


Flaws in 4G Routers of various vendors put millions of users at risk

Security Affairs

A security expert discovered multiple flaws in 4G routers manufactured by several companies; some of them could allow attackers to take over the devices. G Richter, a security researcher at Pen Test Partners, discovered multiple vulnerabilities in 4G routers manufactured by different vendors.


7 Biggest Cloud Security Blind Spots

Dark Reading

Cloud computing is a boon for innovation, yet security organizations find themselves running into obstacles.


Hackers Could Decrypt Your GSM Phone Calls

WIRED Threat Level

Researchers have discovered a flaw in the GSM standard used by AT&T and T-Mobile that would allow hackers to listen in.

Elon Musk Wants to Hack Your Brain

Data Breach Today

Neuralink Pursues a Brain-Computer Interface; What Could Go Wrong?

City of Naples, Florida, lost $700K after a cyberattack

Security Affairs

Another city in the United States was hit by a cyber attack; according to officials in the city of Naples (Florida), they lost $700,000 in a recent attack. According to officials in the city of Naples, Florida, a cyberattack caused an economic loss of $700,000.

6 Security Considerations for Wrangling IoT

Dark Reading

The Internet of Things isn't going away, so it's important to be aware of the technology's potential pitfalls.


Enterprise Architecture Tools Are Key to Managing Ideation and Innovation


Organizations largely recognize the need for enterprise architecture tools, yet some still struggle to communicate their value and prioritize such initiatives.

Big Data Analytics' Role in Security

Data Breach Today

Splunk's Haiyan Song Shares Insights on Addressing Emerging Threats. Big data analytics can help security professionals stay ahead of emerging challenges in a rapidly changing threat landscape, says Splunk's Haiyan Song.

USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$

Security Affairs

USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$. (The Video is self-explanatory. Wanna know how to make it? Read the article below.) All started with this Tweet last April, when I wanted a damn cheap USB implant capable of injecting keystrokes.


You Gotta Reach 'Em to Teach 'Em

Dark Reading

As threats continue to evolve and cybercriminals become more sophisticated, organizations that lack a mature security awareness and training program place themselves at serious risk.

6 DataOps essentials to deliver business-ready data

IBM Big Data Hub

Nearly every business is under competitive, disruptive, and regulatory pressures. As companies face digital transformation and modernization to meet their customers’ expectations, leveraging data and AI at the speed of business can be the biggest differentiator.

Cloud Atlas Uses Polymorphic Techniques to Avoid Detection

Data Breach Today

APT Group Adds New Infection Chain to Its Usual Malware and Tactics. The group behind the Cloud Atlas cyber espionage campaigns, which were first detected five years ago, is now deploying polymorphic techniques designed to avoid monitoring and detection, according to researchers at Kaspersky Lab.
