Sat.Dec 28, 2019 - Fri.Jan 03, 2020

How Cybersecurity's Metrics of Misery Fail to Describe Cybercrime Pain

Dark Reading

Dollars lost and data records exposed are valuable measurements, but the true pain of a cybersecurity incident goes far beyond that. We asked infosec pros how they put words to the pain they feel when their defenses fall apart

Mean Time to Hardening: The Next-Gen Security Metric

Threatpost

Given that the average time to weaponizing a new bug is seven days, you effectively have 72 hours to harden your systems before you will see new exploits.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Promiscuous Cookies and Their Impending Death via the SameSite Policy

Troy Hunt

Cookies like to get around. They have no scruples about where they go save for some basic constraints relating to the origin from which they were set.

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

Physical security is the protection of personnel and IT infrastructure (such as hardware, software, and data) from physical actions and events that could cause severe damage to an organization. This includes protection from natural disasters, theft, vandalism, and terrorism. Related: Good to know about IoT Physical security is often a second thought when it comes to information security.

Risk 143

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Understanding the data downtime gap — and how to fix it

Information Management Resources

The growing dependence on information, plus the sheer amount of it, has led to something called the data downtime gap. Here's a look at what that is and how companies can address it. Data visualization Analytics Data management

IT 50

More Trending

7 Tips for Maximizing Your SOC

Threatpost

Use the seven points listed above to create an effective and efficient operational workflow and, importantly, happier analysts who aren't buried at the bottom of a pile of mostly irrelevant data.

MY TAKE: Why we should all now focus on restoring stability to US-Iran relations

The Last Watchdog

As tensions escalate between the U.S. and Iran it’s vital not to lose sight of how we arrived at this point. Related: We’re in the golden age of cyber spying Mainstream news outlets are hyper focused on the events of the past six days. A Dec.

Happy 10th Birthday, KrebsOnSecurity.com

Krebs on Security

Today marks the 10th anniversary of KrebsOnSecurity.com! Over the past decade, the site has featured more than 1,800 stories focusing mainly on cybercrime, computer security and user privacy concerns. And what a decade it has been.

Restaurant Chain Landry's Investigates Malware Incident

Data Breach Today

Houston-Based Firm Describes How Card Data May Have Been Breached Landry's Inc., a Houston-based company that owns and operates over 600 restaurants, hotels, casinos and other entertainment establishments in the U.S.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

How the US Prepares Its Embassies for Potential Attacks

WIRED Threat Level

In addition to securing physical structures, the Diplomatic Security Service runs simulations of protests in a model city in Virginia. Security Security / National Security

IT 83

US Army banned the popular TikTok app over China security concerns

Security Affairs

The U.S. Army this week has banned the popular TikTok app from government mobile amid fear of China-linked cyberespionage. The US Army has banned the use of the popular TikTok app on mobile phones used by its personnel for security reasons.

The United Kingdom Leaks Home Addresses of Prominent Brits

Adam Levin

2020 seems to be getting off to an inauspicious start with the compromise of the home addresses of prominent UK citizens–many of them in lines of work that could make them targets for crime.

Smart Home Device Maker Wyze Exposed Camera Database

Data Breach Today

Technical Data Plus Emails Made It Possible to Link Cameras to People Seattle-based smart home device maker Wyze says an error by a developer exposed a database to the internet over a three-week period earlier this month.

IT 179

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

The Most Dangerous People on the Internet This Decade

WIRED Threat Level

In the early aughts the internet was less dangerous than it was disruptive. That's changed. . Security Security / Security News

IT 82

Crooks use Star Wars saga as bait in Phishing and malware attacks

Security Affairs

Crooks are exploiting the popularity of the Star Wars saga to monetize their efforts, experts warn of online streaming sites delivering malware. Cybercriminals leverage popular movies like Star Wars to lure users into downloading malware to watch exclusive scenes or the full movie.

2019: 12 Months of Connecting with Customers

Micro Focus

As is customary with this time of year, blogs, press and social media are filled with top 10 lists, year in review, articles reflecting back on what has passed and what is to come. I wanted to take a moment to reflect on 2019 and some of the ways the Micro Focus team has come. View Article.

Microsoft Removes 50 Domains Tied to North Korean Hackers

Data Breach Today

Company Says Malicious Sites Used For Spear-Phishing and Malware Attacks Microsoft has taken control of 50 domains that the company says were used by a hacking group with ties to North Korea. The attackers used these sites to launch spear-phishing attacks against specific victims and spread malware

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Chrome Extension Stealing Cryptocurrency Keys and Passwords

Schneier on Security

A malicious Chrome extension surreptitiously steals Ethereum keys and passwords: According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC0-based tokens) managed directly inside the extension are at risk.

Expert finds Starbucks API Key exposed online

Security Affairs

Developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users.

Top 10 Data Governance Trends for 2020: Data’s Real Value Comes Into Focus

erwin

Understanding the data governance trends for the year ahead will give business leaders and data professionals a competitive edge … Happy New Year! Regulatory compliance and data breaches have driven the data governance narrative during the past few years.

Ambulance Company Slapped With HIPAA Fine

Data Breach Today

Regulator Says Case Involved 'Longstanding Compliance Issues' Federal regulators have smacked a Georgia-based ambulance company with a financial settlement and corrective action plan in a case involving "longstanding" HIPAA compliance issues. How big was the fine, and what factors precipitated it

Hacking School Surveillance Systems

Schneier on Security

Lance Vick suggesting that students hack their schools' surveillance systems. This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine," he said.

IT 73

Irish National Cyber Security Strategy warns of ?attacks on Irish data centres

Security Affairs

The Irish government has published its National Cyber Security Strategy ?, it is an update of the country’s first Strategy which was published in 2015.

Happy New Year! 2020!

IG Guru

IG GURU wishes you a Happy 2020!! Thank you for following us! The post Happy New Year! appeared first on IG GURU. IG News

65

US Coast Guard Warns Over Ryuk Ransomware Attacks

Data Breach Today

Incident That Targeted Maritime Facility Traced to Phishing Email The U.S. Coast Guard issued a security alert this month after a ransomware attack took down the IT network of an unnamed maritime facility.

Mysterious Drones are Flying over Colorado

Schneier on Security

No one knows who they belong to. Well, of course someone knows. And my guess is that it's likely that we will know soon

IT 69

Shitcoin Wallet Chrome extension steals crypto-wallet private keys and passwords

Security Affairs

Security expert discovered a Google Chrome extension named Shitcoin Wallet that steals passwords and wallet private keys. Harry Denley, director of security at the MyCrypto , discovered that the Google Chrome extension named Shitcoin Wallet is stealing passwords and wallet private keys.

How Iran's Hackers Might Strike Back After Soleimani's Assassination

WIRED Threat Level

From data-destroying wipers to industrial control system hacking, Iran has a potent arsenal of cyberattacks at its disposal. Security Security / National Security

IT 63

US Conflict With Iran Sparks Cybersecurity Concerns

Data Breach Today

Homeland Security Reminds CISOs to Protect Critical Systems After an Iranian general was killed in a U.S.

Predicting the top 7 trends in manufacturing for 2020

OpenText Information Management

After starting the year strongly, manufacturing left 2019 faced with shrinking production and global uncertainty. Deloitte suggests manufacturers should increase the resilience in their operations while building and improving their ‘digital muscle’.