Sat.Feb 22, 2020 - Fri.Feb 28, 2020

The Need for a 'Collective Defense'

Data Breach Today

Former NSA Director and Others Stress Collaboration Among the top issues being discussed at the RSA 2020 conference this week is the need for more cybersecurity collaboration between government agencies and the private sector. Here are some interview highlights

5 Ways to Up Your Threat Management Game

Dark Reading

Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management

IT 85

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

How to develop a robust cyber security policy

IT Governance

Technological defences and staff training are two of the most frequently touted measures for preventing data breaches, but their effectiveness is dependent on the way organisations implement them. That means creating a detailed cyber security policy. What is a cyber security policy?

FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data

Krebs on Security

The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data.

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

Ransomware Attacks Growing More Targeted and Professional

Data Breach Today

McAfee's John Fokker Charts the Increasingly Advanced Cybercrime Service Economy Ransomware-wielding attackers - aided by a service economy that gives them access to more advanced attack tools - are increasingly targeting organizations rather than individuals to shake them down for bigger ransom payoffs, says McAfee's John Fokker.

More Trending

BOOK REVIEW: ‘Security Yearbook’ preserves cybersecurity history — highlights tectonic shift

The Last Watchdog

Along with Richard Stiennon , I belong to a small circle of journalists and tech industry analysts who’ve been paying close attention to cybersecurity since Bill Gates curtailed commercial work on Windows to rivet Microsoft’s attention on defending its software code. Related: The role of PKI is securing digital transformation That was in 2002. Back then, email spam was a nuisance evolving into a potent attack vector, and the top malware innovators were script kiddies seeking bragging rights.

Zyxel 0day Affects its Firewall Products, Too

Krebs on Security

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware.

IT 201

Lawsuit Claims HIV Data Exposed in Leak

Data Breach Today

Legal Action Stems From Misconfigured Database at UW Medicine A lawsuit seeking class action status filed against UW Medicine in the wake of a data leak incident has been amended to reflect that at least one HIV patient allegedly had their data exposed.

New Trickbot Delivery Method Focuses on Windows 10

Dark Reading

Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10


Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

All versions of Apache Tomcat are affected by the Ghostcat flaw

Security Affairs

Ghostcat flaw affects all versions of Apache Tomcat and could be exploited by hackers to read configuration files or install backdoors on vulnerable servers.

Zyxel Fixes 0day in Network Storage Devices

Krebs on Security

Patch comes amid active exploitation by ransomware gangs. Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them.

IoT 196

Cloud Protection: How to Secure Server Environments

Data Breach Today

Jake King of Cmd Charts the Evolution of Cloud Workload Protection Platforms Development teams are increasingly building and deploying for the cloud, but DevOps practices too often fail to account for what happens after applications go from development into production and maintenance - and the ongoing security challenges they will face, says Jake King, CEO, of Cmd.

Cloud 205

Handling Huge Traffic Spikes with Azure Functions and Cloudflare

Troy Hunt

Back in 2016, I wrote a blog post about the Martin Lewis Money show featuring HIBP and how it drove an unprecedented spike of traffic to the service, ultimately knocking it offline for a brief period of time.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Firefox Enables DNS over HTTPS

Schneier on Security

This is good news : Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted.

6 Truths About Disinformation Campaigns

Dark Reading

Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know

CISA's Krebs: 2016 US Elections Were Cyber 'Sputnik' Moment

Data Breach Today

Cybersecurity Agency Ranks Election Security and Ransomware as Biggest Threats The 2016 U.S.

How a Hacker's Mom Broke Into a Prison—and the Warden's Computer

WIRED Threat Level

Security analyst John Strand had a contract to test a correctional facility’s defenses. He sent the best person for the job: his mother. Security Security / Cyberattacks and Hacks

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Newly Declassified Study Demonstrates Uselessness of NSA's Phone Metadata Program

Schneier on Security

The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study. Moreover, only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which was produced by the Privacy and Civil Liberties Oversight Board and briefed to Congress on Tuesday. [.]. The privacy board, working with the intelligence community, got several additional salient facts declassified as part of the rollout of its report. Among them, it officially disclosed that the system has gained access to Americans' cellphone records, not just logs of landline phone calls. It also disclosed that in the four years the Freedom Act system was operational, the National Security Agency produced 15 intelligence reports derived from it. The other 13, however, contained information the F.B.I. had already collected through other means, like ordinary subpoenas to telephone companies. The report cited two investigations in which the National Security Agency produced reports derived from the program: its analysis of the Pulse nightclub mass shooting in Orlando, Fla., in June 2016 and of the November 2016 attack at Ohio State University by a man who drove his car into people and slashed at them with a machete. But it did not say whether the investigations into either of those attacks were connected to the two intelligence reports that provided unique information not already in the possession of the F.B.I. This program is legal due to the USA FREEDOM Act, which expires on March 15. Congress is currently debating whether to extend the authority, even though the NSA says it's not using it now. intelligence metadata nationalsecuritypolicy nsa phones

Exploitation, Phishing Top Worries for Mobile Users

Dark Reading

Reports find that mobile malware appears on the decline, but the exploitation of vulnerabilities along with phishing has led to a rise in compromises, experts say

BEC Group Favors G-Suite, Physical Checks: Report

Data Breach Today

Agari Says 'Exaggerated Lion' Has Targeted Businesses Throughout US A business email compromise group targeting U.S. businesses is using G-Suite for their scams and collecting money through physical checks instead of wire transfers, according to the security firm Agari

Stalkerware Installations Up 60% in 2019

Adam Levin

The number of stalkerware apps detected on smartphones increased in 2019, a full 60% over the previous year according to a new report released by Kaspersky Labs. .

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Joker malware still able to bypass Google Play Store checks

Security Affairs

The infamous Joker malware has found a way to bypass the security checks to be published in the official Play Store, new clicker was found by experts.

SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps

Dark Reading

Server-side request forgery is a dangerous attack method that is also becoming an issue for the cloud. Here are some of the basics to help keep your Web server from turning against you

Cloud 97

Report: FCC to Fine US Carriers Over Location Data Sales

Data Breach Today

Agency Could Levy Fines Against AT&T, Verizon, Sprint and T-Mobile The FCC reportedly is close to fining U.S. mobile carriers, including AT&T, Sprint, T-Mobile and Verizon, for improperly selling real-time mobile phone location data

Sales 194

Deep Learning to Find Malicious Email Attachments

Schneier on Security

Google presented its system of using deep-learning techniques to identify malicious email attachments: At the RSA security conference in San Francisco on Tuesday, Google's security and anti-abuse research lead Elie Bursztein will present findings on how the new deep-learning scanner for documents is faring against the 300 billion attachments it has to process each week. It's challenging to tell the difference between legitimate documents in all their infinite variations and those that have specifically been manipulated to conceal something dangerous. Google says that 63 percent of the malicious documents it blocks each day are different than the ones its systems flagged the day before. But this is exactly the type of pattern-recognition problem where deep learning can be helpful. [.]. The document analyzer looks for common red flags, probes files if they have components that may have been purposefully obfuscated, and does other checks like examining macros­ -- the tool in Microsoft Word documents that chains commands together in a series and is often used in attacks. The volume of malicious documents that attackers send out varies widely day to day. Bursztein says that since its deployment, the document scanner has been particularly good at flagging suspicious documents sent in bursts by malicious botnets or through other mass distribution methods. He was also surprised to discover how effective the scanner is at analyzing Microsoft Excel documents, a complicated file format that can be difficult to assess. This is the sort of thing that's pretty well optimized for machine-learning techniques. email gmail google machinelearning malware phishing

IT 88

ISS reveals malware attack impacted parts of the IT environment

Security Affairs

ISS , the multinational Denmark-based facility services company, was hit with a malware that shuts down shared IT services worldwide.

IT 93

Elastic Security Makes Case For Blending 'Human Element,' Election Security

Dark Reading

Nate Fick, general manager of Elastic and former CEO of Endgame, talks about the impact of AI and machine learning on security professionals, and how what technologies can be tapped to improve security in the runup to November's election

RSA President Rohit Ghai on 'The Human Element'

Data Breach Today

CISOs Need to Share Their Success Stories While the cybersecurity industry has increasingly focused on the roles artificial intelligence and machine learning can play in thwarting attacks, the humans behind the algorithms remain both points of strength and weakness, says RSA President Rohit Ghai, who keynoted the RSA 2020 conference on Tuesday.

Russia Is Trying to Tap Transatlantic Cables

Schneier on Security

The Times of London is reporting that Russian agents are in Ireland probing transatlantic communications cables. Ireland is the landing point for undersea cables which carry internet traffic between America, Britain and Europe.