Sat.Nov 09, 2019 - Fri.Nov 15, 2019

Post-GDPR Developments on Data Protection and Privacy Regulations Around the World

Thales eSecurity

In the modern era of a global information economy, every single day, enormous amounts of information are transmitted, stored and collected worldwide.

7 Takeaways: Insider Breach at Twitter

Data Breach Today

Bribing Employees Easier Than Hacking Silicon Valley, Security Experts Say Why try to hack Silicon Valley firms if you can buy off their employees instead?

More than half of IT staff think employees need cyber security training

IT Governance

Cyber security awareness training is one of the most important steps an organisation can take to protect its systems.

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT , a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

SHARED INTEL: What can be done — today — to keep quantum computing from killing encryption

The Last Watchdog

There’s little doubt that the shift to quantum computing will open new horizons of digital commerce. But it’s also plain as day that the mainstreaming of quantum processing power will profoundly exacerbate cybersecurity exposures. Related: The ‘post quantum crytpo’ race is on This isn’t coming as any surprise to IT department heads.

More Trending

Two men arrested for stealing $550,000 in cryptocurrency with Sim Swapping

Security Affairs

On Thursday, US authorities arrested two crooks charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping. American law enforcement has declared war to sim swapping scammers and announced the arrest of two individuals for stealing $550,000 in Cryptocurrency.

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Krebs on Security

146 New Vulnerabilities All Come Preinstalled on Android Phones

WIRED Threat Level

The dozens of flaws across 29 Android smartphone makers show just how insecure the devices can be, even brand-new. Security Security / Security News

Report Calls for Enforcing Voting Machine Standards

Data Breach Today

Study Recommends Federal Certification Program for Vendors Providing Election Infrastructure A new report calls for the creation of a federal certification program that makes sure vendors that build election infrastructure - including voting machines - meet cybersecurity standards

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

A new sophisticated JavaScript Skimmer dubbed Pipka used in the wild

Security Affairs

Visa Payment Fraud Disruption warns of a new JavaScript skimmer dubbed Pipka used to siphon payment data from e-commerce merchant websites. Visa Payment Fraud Disruption warns of a new JavaScript skimmer dubbed Pipka that was used by crooks to steal payment data from e-commerce merchant websites.

TPM-Fail Attacks Against Cryptographic Coprocessors

Schneier on Security

Really interesting research: TPM-FAIL: TPM meets Timing and Lattice Attacks , by Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger.

Russia Fails to Stop Alleged Hacker From Facing US Charges

WIRED Threat Level

The repercussions over custody and extradition of Aleksei Burkov have set off a geopolitical maelstrom. Security Security / National Security

The Dark Web's Automobile Hacking Forums

Data Breach Today

There are robust and detailed discussions in cybercriminal forums on how to attack modern vehicles, seeking clandestine methods to steal cars, says Etan Maor of IntSights.

189
189

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

DDoS-for-Hire Services operator sentenced to 13 months in prison

Security Affairs

Sergiy P. , the administrator of DDoS-for-hire services was sentenced to 13 months in prison, and additional three years of supervised release. Sergiy P.

Managed Attribution Threat Modeling

Adam Shostack

The more I learn about threat modeling, the more I think the toughest part is how we answer the question: “What can go wrong?” ” Perhaps that’s “finding threats.” ” Maybe it’s “discovering” or “eliciting” them.

IT 81

Technology and Policymakers

Schneier on Security

Technologists and policymakers largely inhabit two separate worlds. It's an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world's problems.

New JavaScript Skimmer Found on Ecommerce Sites

Data Breach Today

Visa Security Researchers Say 'Pipka' Is Good at Avoiding Detection Security researchers at Visa have uncovered a new type of JavaScript skimmer that has infected the online checkout pages for at least 17 ecommerce websites in an effort to steal payment card data.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

The Australian Parliament was hacked earlier this year

Security Affairs

The computer network of Australian Parliament was hacked earlier this year, and hackers exfiltrated data from the computers of several elected officials.

Did you know? AMC Monthly Newsletter

Micro Focus

It may be getting colder out there, but things are warming up in the world of Application Modernization & Connectivity and our November newsletter has all the news about events, webinars, and more. Take in a TechTip We are pleased to announce three more additions to our TechTip Webinar series.

IT 77

Identifying and Arresting Ransomware Criminals

Schneier on Security

The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because -- as generally happens -- they made mistakes covering their tracks.

Phishing Campaigns Spoof Government Agencies: Report

Data Breach Today

Proofpoint Research Points to More Sophisticated Techniques A newly discovered hacking group is using an array of sophisticated spoofing and social engineering techniques to imitate government agencies, including the U.S.

New TA2101 threat actor poses as government agencies to distribute malware

Security Affairs

A new threat actor tracked as TA2101 is conducting malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy.

Weekly Udpate 164

Troy Hunt

It's a late, early in the day, hazy, bush-firey Aussie weekly update with a whole bunch of various bits and pieces of interest from throughout the week.

IT 73

Documentation Theory for Information Governance

ARMA International

This article is part of a collaboration between ARMA and AIEF and is included in Information Management Magazine, ARMA-AIEF Special Edition , which will be available for download in November. A printed version of the special issue will be available as well, for a nominal fee.

Election Interference Notification Protocols Unveiled

Data Breach Today

White House Describes Framework for Notifying Public of 2020 Election Interference The White House has developed protocols for notifying the public of nation-state hacking or other interference during the 2020 presidential election cycle. But the full framework has not yet been released

182
182

Experts found privilege escalation issue in Symantec Endpoint Protection

Security Affairs

Symantec addressed a local privilege escalation flaw that affects all Symantec Endpoint Protection client versions prior to 14.2 Symantec addressed a local privilege escalation flaw, tracked as CVE-2019-12758 , that affects all Symantec Endpoint Protection client versions prior to 14.2

Data Governance Tools: What Are They? Are They Optional?

erwin

Data governance tools used to occupy a niche in an organization’s tech stack, but those days are gone. The rise of data-driven business and the complexities that come with it ushered in a soft mandate for data governance and data governance tools.