Sat.Jan 04, 2020 - Fri.Jan 10, 2020

Eliminate the Password, Eliminate the Password Problem.

The Security Ledger

Weak, stolen or reused passwords are the root of 8 in 10 data breaches. Fixing the data breach problem means abandoning passwords for something more secure. But what does passwordless authentication even look like?

What Orwell's '1984' Missed: Free Social Media Apps

Data Breach Today

UAE Green Lights All-Access Social Messaging App, Blocks Rivals Not even George Orwell could have predicted nation-state surveillance in the 21st century.

Access 164

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

In App Development, Does No-Code Mean No Security?

Dark Reading

No-code and low-code development platforms are part of application development, but there are keys to making sure that they don't leave security behind with traditional coding

Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy

Threatpost

Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes available before then. Bug Bounty Vulnerabilities 90 days coordinated disclosure google policy changes Project Zero Vulnerability Disclosure

77

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

11 cyber security predictions for 2020

IT Governance

Almost everyone wants to know what the future has in store – particularly when it comes to cyber security. Keeping aware of the latest cyber threats and the best solutions to combat them will put organisations in a better position to prevent attacks.

IoT 83

More Trending

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password.

A Facebook Bug Exposed Anonymous Admins of Pages

WIRED Threat Level

A bad code update allowed anyone to easily reveal which accounts posted to Facebook Pages—including celebrities and politicians—for several hours. . Security Security / Privacy

CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited

Security Affairs

The US DHS CISA agency is warning organizations that threat actors continue to exploit the CVE-2019-11510 Pulse Secure VPN vulnerability. The U.S.

Router Cryptojacking Campaigns Disrupted

Data Breach Today

20,000 Hacked MikroTik Routers in Southeast Asia Were Malware-Infected Nearly 16,000 malware-infected MicroTik routers in Southeast Asia have been scrubbed of Coinhive cryptojacking code, which mines for monero, thanks to an international police operation.

Mining 205

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Alleged Member of Neo-Nazi Swatting Group Charged

Krebs on Security

Iranian Hackers Have Been ‘Password-Spraying’ the US Grid

WIRED Threat Level

A state-sponsored group called Magnallium has been probing American electric utilities for the past year. Security Security / National Security

Mozilla addresses CVE-2019-17026 Firefox Zero-Day exploited in targeted attacks

Security Affairs

Mozilla has released security updates for Firefox browser that address a zero-day vulnerability (CVE-2019-17026) that has been exploited in targeted attacks.

Voting Machine Firm CEOs Open to Greater Federal Oversight

Data Breach Today

Congress Wants Security Vulnerabilities Addressed to Thwart Foreign Interference The CEOs of the three largest voting machine manufacturers testified before a U.S.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Senators Prod FCC to Act on SIM Swapping

Krebs on Security

How the US Knew Iranian Missiles Were Coming Before They Hit

WIRED Threat Level

The US has operated an extensive network of missile warning systems for over half a century, but next-generation missiles will put it to the test. Security Security / National Security Science Science / Space

IT 82

56.25 million US residents records collected by CheckPeople exposed on a Chinese server

Security Affairs

A database containing the personal details of 56.25 million US residents that allegedly belongs to CheckPeople.com website was exposed online. A database containing the personal details of 56.25

Analysis: Threat Posed by Pro-Iranian Hackers

Data Breach Today

Wiper Malware, Bank Disruptions Feature in Iran's Asymmetric Hacking Playbook Launching online attacks remains a potent tool in the Iranian government's geopolitical playbook. Security experts are urging U.S.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network.

Facebook Says Encrypting Messenger by Default Will Take Years

WIRED Threat Level

Mark Zuckerberg promised default end-to-end encryption throughout Facebook's platforms. Nearly a year later, Messenger's not even close. Security Security / Security News

MITRE presents ATT&CK for ICS, a knowledge base for ICS

Security Affairs

MITRE announced the initial release of a version of its MITRE ATT&CK knowledge base that focuses on industrial control systems (ICS). MITRE’s ATT&CK framework is becoming a standard in cybersecurity community for the classification of attacker behavior.

Risk 83

Lawsuit Filed in Wake of Ransomware Attack

Data Breach Today

The Difficulty of Disclosure, Surebet247 and the Streisand Effect

Troy Hunt

This is a blog post about disclosure, specifically the difficulty with doing it in a responsible fashion as the reporter whilst also ensuring the impacted organisation behaves responsibly themselves.

New SHA-1 Attack

Schneier on Security

There's a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack.

Paper 80

Albany County Airport authority hit by a ransomware attack

Security Affairs

Officials at the Albany County Airport Authority revealed that New York airport servers were infected with ransomware on Christmas.

FBI Asks Apple For Access to Saudi Shooter's iPhones

Data Breach Today

Request Echoes 2016 Legal Standoff Between Apple and the FBI The FBI has sent a letter to Apple asking for help in accessing encrypted data from two iPhones belonging to a deceased shooter. The bureau's move may be a prelude to another legal fight between the FBI and Apple over strong encryption

Access 173

How to Secure Your Wi-Fi Router and Protect Your Home Network

WIRED Threat Level

Router security has improved a bunch in recent years, but there are still steps you can take to lock yours down even better. Security Security / Security Advice

U.S. Federal Website Defaced by Pro-Iranian Hackers

Adam Levin

A federal website was defaced with pro-Iranian messaging in what is believed to be retaliation for the U.S. drone strike that killed one of Iran’s top military commanders.

The city of Las Vegas announced it has suffered a cyber attack

Security Affairs

The city of Las Vegas announced it has suffered a cyber attack that breached its computer systems, it is unclear whether any sensitive data was exposed.

IT 82

Facebook's FTC Privacy Settlement Challenged in Court

Data Breach Today

Federal Judge Still Considering Objections From Privacy Groups Six months after Facebook agreed to a landmark privacy settlement with the U.S.

Russia Takes a Big Step Toward Internet Isolation

WIRED Threat Level

total control. Security Security / Security News