Sat. Nov 17, 2018 - Fri. Nov 23, 2018

Here's Why Account Authentication Shouldn't Use SMS

Data Breach Today

Database Blunder Left Two-Step Codes, Account Reset Links Exposed. A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over.

How to Shop Online Like a Security Pro

Krebs on Security

‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping.

GUEST ESSAY: The privacy implications of facial recognition systems rising to the fore

The Last Watchdog

Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn. A string of advances in biometric authentication systems has brought facial recognition systems, in particular, to the brink of wide commercial use. Adoption of facial recognition technology is fast gaining momentum, with law enforcement and security use cases leading the way.

Information Attacks against Democracies

Schneier on Security

Democracy is an information system. That's the starting place of our new paper: "Common-Knowledge Attacks on Democracy." In it, we look at democracy through the lens of information security, trying to understand the current waves of Internet disinformation attacks.

Magecart Spies Payment Cards From Retailer Vision Direct

Data Breach Today

Card-Sniffing JavaScript Posed as Google Analytics Script on Retailer's Sites. Online contact lens retailer Vision Direct says it suffered a data breach that exposed customers' names and complete payment card details.

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

The Last Watchdog

Privacy regulations and legislation are topics that continue to be of concern for consumers and businesses alike. News of data breaches, data vulnerabilities and compromised private information is released almost daily from businesses both small and large. Legislation has recently been proposed for individual states, addressing data privacy regulations head-on.

Instagram glitch exposed some user passwords

Security Affairs

Instagram has suffered a serious security leak that might have exposed users’ passwords, The Information website revealed. Instagram notified some of its users that it might have accidentally exposed their passwords due to a security glitch.

Lessons Learned From 2018's Top Attacks

Data Breach Today

Cisco's Paul Singleton on Why It's Important to Know Your Adversary. How have cyberattacks evolved in 2018? Cisco's Paul Singleton describes the common threats and vectors, as well as why it's important to know exactly who your attacker is - and how they are exploiting your defenses.

10 things you must do to become cyber secure

IT Governance

Preparing your organisation for cyber attacks and data breaches is complicated, and you should look for advice wherever you can get it. One of the most trusted resources is the NCSC’s (National Cyber Security Centre) ten-step guide.

Worst-Case Thinking Breeds Fear and Irrationality

Schneier on Security

Here's a crazy story from the UK. Basically, someone sees a man and a little girl leaving a shopping center.

6,500+ sites deleted after Dark Web hosting provider Daniel’s Hosting hack

Security Affairs

On Thursday, November 15, hackers compromised Daniel’s Hosting, one of the largest Dark Web hosting providers, and deleted 6,500+ sites.

Two Friends Who Hacked TalkTalk Receive Prison Sentences

Data Breach Today

Telecom Company Says Total Losses Due to Data Breach Stand at $99 Million. Two men who pleaded guilty to participating in the massive 2015 hack of London-based telecom company TalkTalk have been sentenced to serve time in jail.

JavaScript keylogger sees Vision Direct’s customer data stolen

IT Governance

Contact lens supplier Vision Direct has released information about a data breach it suffered earlier this month.

Using Machine Learning to Create Fake Fingerprints

Schneier on Security

Researchers are able to create fake fingerprints that result in a 20% false-positive rate. The problem is that these sensors obtain only partial images of users' fingerprints -- at the points where they make contact with the scanner.

Protonmail hacked …. a very strange scam attempt

Security Affairs

A hacker going online by the moniker AmFearLiathMor is claiming to have hacked the most popular end-to-end encrypted email service ProtonMail.

Malware Moves: Attackers Retool for Cryptocurrency Theft

Data Breach Today

Weekly podcast: Amazon, TalkTalk and City of York

IT Governance

This week, we discuss Amazon’s exposure of customer names and addresses, jail sentences for two TalkTalk hackers, and a data breach affecting a City of York rubbish app. Hello and welcome to the IT Governance podcast for Friday, 23 November. Here are this week’s stories.

Protecting Big Data, while Preserving Analytical Agility

Thales eSecurity

The age of Big Data is upon us. And, as more data is available for analytical purposes, more sensitive and private information is at risk.

CarsBlues Bluetooth attack Affects tens of millions of vehicles

Security Affairs

The CarsBlues attack leverages security flaws in the infotainment systems installed in several types of vehicles via Bluetooth to access user PII. A new Bluetooth hack, dubbed CarsBlues, potentially affects millions of vehicles, Privacy4Cars warns.

Amazon Snafu Exposed Customers' Names and Email Addresses

Data Breach Today

Scant Detail on Incident and Unusual Email Notification Raises Eyebrows. Amazon has blamed a technical error for its inadvertent exposure of some customers' names and email addresses online.

What is a cyber security incident?

IT Governance

You often hear the term ‘cyber security incident’ when an organisation’s systems are compromised rather than ‘breach’ or ‘hack’. What is the difference between those terms?

Massive Vulnerability Exposed at USPS

Adam Levin

Krebs on Security reported a security weakness that affected millions of USPS customers. The vulnerability in question allowed anyone with an account on to view granular information about the site’s more than 60 million users.

Million password resets and 2FA codes exposed in unsecured Vovox DB

Security Affairs

Millions of password resets and two-factor authentication codes exposed in unsecured Vovox DB.

Did China Spy on Australian Defense Websites?

Data Breach Today

One Answer Is Clear: Network Re-Routing Raises Suspicions. For nearly 30 months, internet traffic going to Australian Department of Defense websites flowed through China Telecom data centers, an odd and suspicious path. Why the strange routing occurred is known. But the reasons why it persisted for so long aren't.

Radisson Rewards programme breached

IT Governance

Last month the Radisson Hotel Group, a global player in the hospitality industry with more than 1,400 hotels in 114 countries, discovered that its rewards programme had been breached. The hack occurred on 11 September 2018 but was only detected on 1 October.

Julian Assange Charges, Japan's Top Cybersecurity Official, and More Security News This Week

WIRED Threat Level

Safer browsing, more bitcoin scams, and the rest of the week's top security news.

Flaw allowing identity spoofing affects authentication based on German eID cards

Security Affairs

The authentication process via German eID cards with RFID chips is flawed; an attacker could impersonate any other citizen.

Texas Hospital Catches Dharma Ransomware Infection

Data Breach Today

Altus Baytown Hospital Among Latest Healthcare Cyberattack Victims. An attack on Altus Baytown Hospital in Texas is the latest ransomware incident reported to federal regulators as a health data breach. What other major ransomware incidents are impacting the healthcare sector?

Top cyber security courses for 2018

IT Governance

Find out how to pick the best training course and qualification to advance your cyber security career. The cyber security industry has boomed in the past decade, providing fantastic opportunities for those interested in rewarding work that pays well and gives you room to grow.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

WIRED Threat Level

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.

New set of Pakistani banks’ card dumps goes on sale on the dark web

Security Affairs

According to the head of the Federal Investigation Agency’s (FIA) cybercrime wing, almost all Pakistani banks were affected by a recent security breach.
