Sat.Feb 15, 2020 - Fri.Feb 21, 2020

Defense Department Agency Reports Data Breach

Data Breach Today

Defense Information Systems Agency Has a Security Mission A U.S.

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

44% of Security Threats Start in the Cloud

Dark Reading

Amazon Web Services is a top source of cyberattacks, responsible for 94% of all Web attacks originating in the public cloud

Cloud 87

Hackers Were Inside Citrix for Five Months

Krebs on Security

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents.

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

Cybersecurity Plan for 2020 US Election Unveiled

Data Breach Today

CISA Describes Its Role as Security Facilitator The U.S.

More Trending

MGM Data Breach Affects Over 10 Million Customers

Adam Levin

The personal information of over 10.6 million customers of MGM Resorts has been published online. MGM Resorts confirmed the leaked data as being the result of a data breach that occurred last year.

Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program.

GAO: Census Bureau Comes Up Short on Cybersecurity

Data Breach Today

With 2020 Census Slate to Start April 1, Bureau Still Has Work to Do The U.S. Census Bureau has not done enough to address cybersecurity issues in preparation for the 2020 census, which is slated to begin April, according to a new report from the Government Accountability Office

MY TAKE: PKI, digital certificates now ready to take on the task of securing digital transformation

The Last Watchdog

Just five years ago, the Public Key Infrastructure, or PKI , was seriously fraying at the edges and appeared to be tilting toward obsolescence. Things have since taken a turn for the better. Related: Why PKI is well-suited to secure the Internet of Things PKI is the authentication and encryption framework on which the Internet is built. The buckling of PKI a few years back was a very serious matter, especially since there was nothing waiting in the wings to replace PKI.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Firms Improve Threat Detection but Face Increasingly Disruptive Attacks

Dark Reading

In addition, more third parties are discovering the attacks rather than the companies themselves

103
103

Encoding Stolen Credit Card Data on Barcodes

Krebs on Security

Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service , the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards.

IT 173

Phishing Campaigns Tied to Coronavirus Persist

Data Breach Today

UN's World Health Organization Warns of Fraud Attempts As the coronavirus generates headlines around the world, cybercriminals are continuing to use this public health crisis to spread phishing emails and create malicious domains for a variety of fraud. Here's an update on the latest developments

Russia Doesn't Want Bernie Sanders. It Wants Chaos

WIRED Threat Level

The point of Kremlin interference has always been to find democracy’s loose seams, and pull. Security Security / National Security

IT 101

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Inrupt, Tim Berners-Lee's Solid, and Me

Schneier on Security

For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data.

IoT 99

CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability

Security Affairs

A security expert found a flaw in SharePoint that could be exploited to remotely execute arbitrary code by sending a specially crafted SharePoint application package.

Hacking of Accounting Firm Affects Medical Group

Data Breach Today

Apparent Ransomware Incident Exposes Patient Information An apparent ransomware attack on an accounting firm in December exposed the patient data of Community Care Physicians, a large upstate New York medical group, as well as other clients of the firm

Over 500 Chrome Extensions Secretly Uploaded Private Data

WIRED Threat Level

A researcher discovered that hundreds of extensions in the Web Store were part of a long-running malvertising and ad-fraud scheme. Security Security / Cyberattacks and Hacks

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Hacking McDonald's for Free Food

Schneier on Security

This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a month.

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Security Affairs

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign.

Hackers Post Details on MGM Resorts Guests: Report

Data Breach Today

Breached Cloud Server Contained Data on 10 Million Guests Hackers have posted on an underground forum the personal information of 10.6 million MGM Resorts guests, ZDNet reports. The hotel chain confirms it was breached last year

Cloud 194

Firmware Weaknesses Can Turn Computer Subsystems into Trojans

Dark Reading

Network cards, video cameras, and graphics adapters are a few of the subsystems whose lack of security could allow attackers to turn them into spy implants

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Internet of Things Candle

Schneier on Security

There's a Kickstarter for an actual candle , with real fire, that you can control over the Internet. What could possibly go wrong? internetofthings

91

Organizers of major hacking conferences in Asia put them on hold due to Coronavirus outbreak

Security Affairs

Organizers of Black Hat Asia and DEF CON China security conferences announced that they put the events on hold due to the Coronavirus outbreak.

Lawsuit Filed in Wake of Ransomware Attack

Data Breach Today

Patients Seek Damages, Citing Impact of Security Incident in New Jersey A lawsuit seeking class action status has been filed against a New Jersey healthcare organization in the wake of a ransomware attack last December in which the entity paid attackers an unspecified ransom to unlock its systems.

The US Blames Russia's GRU for Sweeping Cyberattacks in Georgia

WIRED Threat Level

By calling out Russia for digital assaults on its neighboring country, the US hopes to head off similar efforts at home. Security Security / Cyberattacks and Hacks

IT 90

Voatz Internet Voting App Is Insecure

Schneier on Security

This paper describes the flaws in the Voatz Internet voting app: " The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections.".

Paper 91

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

Security Affairs

Security experts have discovered multiple flaws, dubbed SweynTooth, in the Bluetooth Low Energy (BLE) implementations of major system-on-a-chip (SoC) vendors.

Canadian Government Breaches Exposed Citizens' Data: Report

Data Breach Today

Series of Breaches Occurred Over a Two-Year Period Data breaches at Canadian government agencies exposed the personal information of approximately 144,000 citizens over a two-year period, according to a news report

How Trump Hollowed Out US National Security

WIRED Threat Level

Acting director of national intelligence Richard Grenell is just the latest in a cascade of temporary or vacant personnel in critical government positions. . Security Security / National Security