Sat.Mar 14, 2020 - Fri.Mar 20, 2020

What is Federated Information Management?

Gimmal

Almost every industry is facing a similar challenge today: How to implement an overarching information governance strategy that covers all information in a unified manner. As a leader in records and information management, Gimmal has solved this exact problem for our clients.

Enterprises are embracing edge computing

DXC Technology

The exponential growth of connected, embedded devices — the Internet of Things (IoT) — is forcing some enterprises to revamp their network architectures to avoid latency issues and continue to process a high volume of data with minimal delay.

IoT 65

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Analysis: COVID-19 as a Cybercrime Opportunity

Data Breach Today

The latest edition of the ISMG Security Report analyzes how cybercriminals are exploiting the COVID-19 pandemic. Also featured: A discussion of potential 2020 election changes; tips for staying secure in a remote workplace

Living and Working Amid COVID-19 Crisis

Data Breach Today

Quarantines, lockdowns, supply chain disruptions and the biggest remote workforce in history. These all part of the "new normal" in the shadow of the COVID-19 pandemic.

170
170

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

A COVID-19 Cybersecurity Poll: Securing a Remote Workforce

Threatpost

COVID-19 is changing how we work. Weigh in on how your organization is securing its remote footprint with our short Threatpost poll.

More Trending

The Value and Ethics of Using Phone Data to Monitor Covid-19

WIRED Threat Level

Google and Facebook are discussing plans with the White House to share collective data on people's movements during the coronavirus pandemic. Business Business / Computers and Software Security

Coronavirus Sets the Stage for Hacking Mayhem

WIRED Threat Level

As more people work from home and anxiety mounts, expect cyberattacks of all sorts to take advantage. Security Security / Security News

Open Exchange Rates discloses a security breach

Security Affairs

Last week, Open Exchange Rates disclosed a data breach that exposed the personal information and hashed passwords for customers of its API service.

Storage Implications of SIEM

Daymark

Every IT professional already knows that the proliferation of log files generated by Security Information and Event Management (SIEM) solutions can be overwhelming to manage.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

The Web’s Bot Containment Unit Needs Your Help

Krebs on Security

Anyone who’s seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit , effectively unleashing a pent-up phantom menace on New York City.

Coronavirus Cybercrime Victims: Please Come Forward

Data Breach Today

Businesses Asked to Report COVID-19-Themed Crime to Police As cybercriminals and nation-states take advantage of the COVID-19 pandemic to further their own aims, authorities are calling on victims to report online attacks as quickly as possible to help them better disrupt such activity

203
203

NEW TECH: Byos pushes ‘micro segmentation’ approach to cybersecurity down to device level

The Last Watchdog

Many companies take an old-school approach to bringing up the rear guard, if you will, when it comes to protecting IT assets. It’s called network segmentation. The idea is to divide the network up into segments, called subnetworks, to both optimize performance as well as strengthen security. Related: A use case for endpoint encryption At RSA 2020 in San Francisco recently, I learned about how something called “micro segmentation” is rapidly emerging as a viable security strategy.

The Best and Worst Browsers for Privacy, Ranked

WIRED Threat Level

A new study examines how Google Chrome, Mozilla Firefox, Apple Safari, Brave, Edge, and Yandex collect user data. . Security Security / Privacy

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Coronavirus Widens the Money Mule Pool

Krebs on Security

With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable “ money mules ” — people who get roped into money laundering schemes under the pretense of a work-at-home job offer. Here’s the story of one upstart mule factory that spoofs a major nonprofit and tells new employees they’ll be collecting and transmitting donations for an international “Coronavirus Relief Fund.” On the surface, the Web site for the Vasty Health Care Foundation certainly looks legitimate. It includes various sections on funding relief efforts around the globe, explaining that it “connects nonprofits, donors, and companies in nearly every country around the world.” The site says it’s a nonprofit with offices based in Nebraska and Quebec, Canada. Vasty is a phony charity that pretends to raise money for Coronavirus victims but instead hires people to help launder stolen funds. This and the rest of the content at Vasty’s site was lifted from GlobalGiving, a legitimate charity that is helping people affected by the pandemic. The “Vasty Health Care Foundation” is one of several fraudulent Web sites that recruit money mules in the name of helping Coronavirus victims. The content on Vasty’s site was lifted almost entirely from globalgiving.org , a legitimate charity that actually is trying to help people affected by the pandemic. “We have been contacted by job seekers asking if we are related to some of these job opportunities they’ve been finding on Indeed.com and Monster.com,” said Kevin Conroy , chief product officer at GlobalGiving. “And we always tell them no that’s not from us, and not to cash any checks someone may be giving them in relation to those offers.” The Vasty domain — vastyhealthcarefoundation[.]com — was registered just weeks ago, although the site claims its organization has been around for years. The crooks behind this scheme also seem to have submitted the Vasty name in custom links at vetting sites like The Better Business Bureau and Guidestar that ultimately take one to a summary of data on GlobalGiving. No doubt this is part of an effort to lend legitimacy to the Vasty name (hovering over the links above reveals the trickery). What proof is there that Vasty isn’t a legitimate charity? None of the dozens of Canadian mules contacted by this author responded to requests for comment. But KrebsOnSecurity received copious amounts of information about this scam from Milwaukee, Wisc. based Hold Security , which managed to intercept key file exchanges between threat actors through public file sharing services. Among those files were a set of form letters and boilerplate email messages that describe the ideal candidate for the job at Vasty and welcome new recruits to the Vasty payroll. Here’s a look at part of the job description, which includes (not pictured) a description of the healthcare plans and other benefits allegedly offered to Vasty employees. After congratulating applicants (everyone who applies is “hired”) on their new positions, Vasty asks the recruits to do some busy work. In this case, new hires are sent to local pharmacies on some bogus errand, such as to inspect the pricing of face masks and hand sanitizer products for price-gouging. “Now we have the first task for you. You will have to perform a trip within your city. So that we can compensate for transportation costs along with your hourly rate, I ask you to keep receipts confirming your expenses. LOCATION: Sam’s Geneva Street Pharmacy. ADDRESS: 284 Geneva St, St. Catharines, ON L2N 2E8. I ask you to go to the pharmacy at the specified address. We are increasingly receiving reports of private sellers violating the pricing policy for products such as: aspirin, face masks are loose surgical masks with elastic loops that go around the ears, hand sanitizers.” New recruits are then asked to assemble and submit a written report of their observations at the store in question. These types of menial, meaningless tasks are a typical tactic of money mule recruitment schemes and they serve two main purposes: They separate out slackers from people who really need and want a job, and they help the employee feel like he’s doing something useful and legitimate (aside from just moving money around, which if brought up too soon might make him question whether the job is legit). Eventually, after successfully completing one or more of these busy work tasks, the new hire is asked to process a “donation” from someone who wants to help fight the Coronavirus outbreak: “Please read the instructions carefully. One donor wants to make donations to help fight the coronavirus. As you know, this is a big problem for most countries of the world. Every day we receive information from the World Health Organization that more and more people are sick. Quite a lot of people died from this virus. Some people simply don’t have enough funds to provide themselves with standard face masks and disinfectants to fight the virus.” “The donor requests that Bitcoins be bought with his funds. For this task, you need to create your Bitcoin wallet, or use the QR code that we send you in this letter. You will receive from the donor up to 3000 CAD. Your commission up to 150 CAD will be included in this amount to cover your expenses. I remind you that you do not need to use your funds to buy bitcoins. The funds will be sent to you. You will need to receive cash atm or at your bank branch.” What happens next is the employee then receives an electronic transfer of money into his bank account, is asked to withdraw the cash, and to keep 150 Canadian dollars for himself. He’s then instructed to take the remainder of the funds to a Bitcoin ATM and scan an emailed QR code with his mobile phone. This causes the cash he deposits into the Bitcoin ATM to be sent in an irreversible transaction to a Bitcoin wallet controlled by the scammers. What’s going on behind the scenes is the funds that get deposited in the employee’s account are invariably stolen from other hacked bank accounts, and the employee is merely helping the crooks launder the stolen money into a form of payment that can’t be reversed. Another boilerplate email intercepted by Hold Security shows Vasty’s new hires manager offering advice to employees who are asked by nosey bank employees about the nature of the funds withdrawal. “Important: If you receive any questions from the bank regarding the purpose of the payment, you can open part of the instructions if necessary and inform that these funds are intended for payment of medicines. In any case, it is a personal payment and it will not be taxed. However, I strongly recommend that you not divulge the rest of the instructions for paying for medicines against coronavirus so as not to aggravate panic among the population.” Americans shouldn’t feel left out of the scam: Hold Security founder Alex Holden says his analysts also intercepted a nearly identical set of scam templates targeting job seekers in the United States. Money mule scammers specialize in hacking employer accounts at job recruitment Web sites like Monster.com, Hotjobs.com and other popular employment search services. Armed with the employer accounts, the crooks are free to search through millions of resumes and reach out to people who are currently between jobs or seeking part-time employment. If you receive a job solicitation via email that sounds too-good-to-be-true, it probably is related in some way to one of these money-laundering schemes. Even if you can’t see the downside to you, someone is likely getting ripped off. Also, know that money mules — however unwitting — may find themselves in hot water with local police, and may be asked by their bank to pay back funds that were illegally transferred into the mules’ account. Overall, Holden said, established cybercriminals who specialize in recruiting and grooming money mules for financial crimes have been cooing of late over the potential glut of new mules. One mule vendor on a popular Russian-language crime forum posted Tuesday that his “drops” — the hacker slang term for money mules — weren’t scared of Coronavirus concerns. “We got drops in masks!,” one vendor proclaimed. “We continue to work despite the Coronavirus,” declared another drops vendor. Any readers interested in helping others affected by the Coronavirus outbreak should consider giving through the organization Vasty is impersonating here; Global Giving. Alternatively, these two stories link to a number of other reputable organizations facilitating Coronavirus relief efforts. A Little Sunshine Latest Warnings Web Fraud 2.0 alex holden bitcoin ATM scam Coronavirus scam GlobalGiving Hold Security Holdsecurity.com Kevin Conroy Vasty Health Care Foundation vastyhealthcarefoundation.com

IT 221

Data Governance: How to Tackle Three Key Issues

Data Breach Today

The Importance of Accountability, Data Inventory and Automation As organizations plot their 2020 cybersecurity strategies, especially in light of privacy regulations, key data governance challenges are emerging. What are the critical issues, and how are they being addressed

NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

The Last Watchdog

Encryption is a cornerstone of digital commerce. But it has also proven to be a profound constraint on the full blossoming of cloud computing and the Internet of Things. Related: A ‘homomorphic-like’ encryption solution We know very well how to encrypt data in transit. And we’ve mastered how to encrypt — and decrypt — data at rest. However, we’ve yet to arrive at a seminal means to crunch encrypted data – without first having to decrypt it.

TSA Admits Liquid Ban Is Security Theater

Schneier on Security

The TSA is allowing people to bring larger bottles of hand sanitizer with them on airplanes: Passengers will now be allowed to travel with containers of liquid hand sanitizer up to 12 ounces.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Security Breach Disrupts Fintech Firm Finastra

Krebs on Security

Finastra , a company that provides a range of technology solutions to banks worldwide, said it was shutting down key systems in response to a security breach discovered Friday morning.

DOD Warns of Cyber Risks as Employees Work From Home

Data Breach Today

Defense Department to Issue Detailed Security Guidance As more of its employees shift to working from home due to the COVID-19 pandemic, the U.S. Department of Defense is warning workers to take security precautions to guard against potential hackers. It plans to release detailed guidance soon

Risk 205

NEW TECH: WhiteHat Security tackles ‘dangling buckets,’ other new web app exposures

The Last Watchdog

WhiteHat Security got its start some 17 years ago in Silicon Valley to help companies defend their public-facing websites from SQL injection and cross-site scripting hacks. Related: Mobile apps are full of vulnerabilites Both hacking methods remain a problem today. Yet organizations have many more application security headaches to resolve these days.

Cloud 109

Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records

Dark Reading

The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Zxyel Flaw Powers New Mirai IoT Botnet Strain

Krebs on Security

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices.

IoT 179

COVID-19-Themed Malware Goes Mobile

Data Breach Today

Researchers Spot Spyware and Ransomware Targeting Android Devices Cybercriminals, and perhaps nation-state hackers, that are attempting to take advantage of the COVID-19 pandemic are now turning their attention to mobile devices to spread malware, including spyware and ransomware, security researchers warn.

SHARED INTEL: FireMon survey shows security lags behind fast pace of hybrid cloud deployments

The Last Watchdog

Corporate America’s love affair with cloud computing has hit a feverish pitch. Yet ignorance persists when it comes to a momentous challenge at hand: how to go about tapping the benefits of digital transformation while also keeping cyber exposures to a minimum level. Related: Why some CEOs have quit tweeting That’s the upshot of FireMon’s second annual State of Hybrid Cloud Security Report of 522 IT and security professionals, some 14 percent of whom occupy C-suite positions.

DDoS Attack Targets German Food Delivery Service

Dark Reading

Liefrando delivers food from more than 15,000 restaurants in Germany, where people under COVID-19 restrictions depend on the service

105
105

A bug in Tor Browser allows execution of JavaScript even in Safest security level

Security Affairs

Tor Project maintainers warned users about a severe flaw in the Tor browser that may execute JavaScript code on sites it should not. The Tor Project announced a major bug in the Tor browser that may cause the execution of JavaScript code on sites for which users have specifically blocked JavaScript.

Should Location Data Be Used in Battle Against COVID-19?

Data Breach Today

US, UK, Other Nations in Talks With Tech Firms to Provide Information The Trump administration is reportedly in talks with tech companies, including Facebook and Google, to explore whether it's possible to use real-time location data from smartphones to support efforts to slow the spread of COVID-19.

Emergency Surveillance During COVID-19 Crisis

Schneier on Security

Israel is using emergency surveillance powers to track people who may have COVID-19, joining China and Iran in using mass surveillance in this way. I believe pressure will increase to leverage existing corporate surveillance infrastructure for these purposes in the US and other countries.

Security Lessons We've Learned (So Far) from COVID-19

Dark Reading

Takeaways about fighting new fires, securely enabling remote workforces, and human nature during difficult times