Sat.Jan 18, 2020 - Fri.Jan 24, 2020

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

The Last Watchdog

Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities.

Cybersecurity Lessons Learned from 'The Rise of Skywalker'

Dark Reading

They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cybercrime Statistics in 2019

Security Affairs

I’m preparing the slides for my next speech and I decided to create this post while searching for interesting cybercrime statistics in 2020. Cybercrime will cost as much as $6 trillion annually by 2021.

IoT 87

How Cybercriminals Are Converting Cryptocurrency to Cash

Data Breach Today

Report: Methods Make Payments Difficult to Track Cybercriminals are using increasingly sophisticated methods to turn illicitly gained cryptocurrency into cash, which raises new concerns about enforcing anti-money laundering laws, according a report by Chainalysis

151
151

How to Solve 4 Common Challenges of Legacy Information Management

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

Ethical Use of Data for Training Machine Learning Technology - Part 1

AIIM

This is the first part of a 3-part series on the Ethical Use of Data for Training Machine Learning Technology by guest authors Andrew Pery and Michael Simon. Part 1: Bad Things Can Come from Non-neutral Technology. AI technology is becoming pervasive , impacting virtually every facet of our lives.

More Trending

Does Your Domain Have a Registry Lock?

Krebs on Security

If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it.

Hackers Target European Energy Firm: Researchers

Data Breach Today

Report Says Group Tied to Iran Could Be Involved Hackers who may have ties to Iran have recently turned their attention to the European energy sector, using open source tools to target one firm's network as part of an cyberespionage operation, according to the security firm Recorded Future

Kids and Code: Object Oriented Programming with Code Combat

Troy Hunt

Geez time flies. It's just a tad under 4 years ago that I wrote about teaching kids to code with code.org which is an amazing resource for young ones to start learning programming basics.

IT 99

US-based children’s clothing maker Hanna Andersson discloses a data breach

Security Affairs

The US-based children’s clothing maker Hanna Andersson has disclosed a data breach that affected its customers. The US-based children’s clothing maker and online retailer Hanna Andersson discloses a data breach, attackers planted an e-skimmer on its e-commerce platform.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Apple Addresses iPhone 11 Location Privacy Concern

Krebs on Security

Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month. Beta versions of iOS 13.3.1

Emotet Malware Alert Sounded by US Cybersecurity Agency

Data Breach Today

Must-Have Defenses Include Detecting Infections and Lateral Movement, CISA Says Emotet malware alert: The U.S.

Technical Report of the Bezos Phone Hack

Schneier on Security

Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman.investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they only found a suspicious video file sent to Bezos on May 1, 2018 that "appears to be an Arabic language promotional film about telecommunications." That file shows an image of the Saudi Arabian flag and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted this delayed or further prevented "study of the code delivered along with the video.". Investigators determined the video or downloader were suspicious only because Bezos' phone subsequently began transmitting large amounts of data. "[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos' phone began, continuing and escalating for months thereafter," the report states. "The amount of data being transmitted out of Bezos' phone changed dramatically after receiving the WhatsApp video file and never returned to baseline. Following execution of the encrypted downloader sent from MBS' account, egress on the device immediately jumped by approximately 29,000 percent," it notes. "Forensic artifacts show that in the six (6) months prior to receiving the WhatsApp video, Bezos' phone had an average of 430KB of egress per day, fairly typical of an iPhone. Within hours of the WhatsApp video, egress jumped to 126MB. The phone maintained an unusually high average of 101MB of egress data per day for months thereafter, including many massive and highly atypical spikes of egress data.". The Motherboard article also quotes forensic experts on the report: A mobile forensic expert told Motherboard that the investigation as depicted in the report is significantly incomplete and would only have provided the investigators with about 50 percent of what they needed, especially if this is a nation-state attack. She says the iTunes backup and other extractions they did would get them only messages, photo files, contacts and other files that the user is interested in saving from their applications, but not the core files. "They would need to use a tool like Graykey or Cellebrite Premium or do a jailbreak to get a look at the full file system. That's where that state-sponsored malware is going to be found. Good state-sponsored malware should never show up in a backup," said Sarah Edwards, an author and teacher of mobile forensics for the SANS Institute. "The full file system is getting into the device and getting every single file on there­ -- the whole operating system, the application data, the databases that will not be backed up. So really the in-depth analysis should be done on that full file system, for this level of investigation anyway. I would have insisted on that right from the start.". The investigators do note on the last page of their report that they need to jailbreak Bezos's phone to examine the root file system. Edwards said this would indeed get them everything they would need to search for persistent spyware like the kind created and sold by the NSO Group. But the report doesn't indicate if that did get done. amazon hacking malware saudiarabia smartphones spyware

HSMs: Facilitating Key Management in a Hybrid Cloud Environment

Thales eSecurity

Organizations are actively working to prevent data breaches by encrypting their sensitive information. Encryption isn’t a foolproof security measure, however.

ROT 94

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

DDoS Mitigation Firm Founder Admits to DDoS

Krebs on Security

A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded to paying a DDoS-for-hire service to launch attacks against others. Tucker Preston , 22, of Macon, Ga.,

Vulnerabilities Found in Some GE Healthcare Devices

Data Breach Today

Regulators Issue Alerts; Patches on the Way Federal regulators are warning healthcare providers about six vulnerabilities in some of GE Healthcare's medical device systems that could allow attackers to remotely take control of the gear. The company is working on patches

176
176

NIST releases version 1.0 of the Privacy Framework

Security Affairs

The NIST released version 1.0 of Privacy Framework, it is a tool designed to help organizations to manage privacy risks. The National Institute of Standards and Technology (NIST) has published the release version 1.0 of its privacy framework.

Risk 95

Half a Million IoT Device Passwords Published

Schneier on Security

It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

For Mismanaged SOCs, The Price Is Not Right

Dark Reading

New research finds security operations centers suffer high turnover and yield mediocre results for the investment they require

POS Vendor for Cannabis Dispensaries Exposed Data: Report

Data Breach Today

Researchers Discovered Unsecured Database Accessible Via Internet A point-of-sale system vendor that serves U.S.

Sales 176

Mitsubishi Electric discloses data breach, media blame China-linked APT

Security Affairs

Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate information. Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data.

Weekly Update 175

Troy Hunt

Alright, let me get this off my chest first - I've totally lost it with these bloody Instamics. I've had heaps of dramas in the past with recordings being lost and the first time I do a 3-person weekly update only 2 of them recorded (mine being the exception).

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

DHS Warns of Increasing Emotet Risk

Dark Reading

Emotet is considered one of the most damaging banking Trojans, primarily through its ability to carry other malware into an organization

Risk 85

BT and Vodafone Reportedly Want Huawei 5G Gear

Data Breach Today

Vodafone CEO Has Warned Huawei Ban Would Delay Britain's 5G Rollout by 2 Years Britain's two largest telecommunications firms - BT and Vodafone - plan to lobby Prime Minister Boris Johnson to not fully ban Huawei hardware from the nation's 5G rollout, warning that doing so could delay their rollouts, the Guardian reports.

176
176

THSuite data leak exposes cannabis users information

Security Affairs

Experts found online an unsecured database owned by THSuite and used by point-of-sale systems in medical and recreational marijuana dispensaries.

Sales 88

Everything We Know About the Jeff Bezos Phone Hack

WIRED Threat Level

A UN report links the attack on Jeff Bezos' iPhone X directly to Saudi Arabian Crown Prince Mohammed bin Salman. Security Security / Cyberattacks and Hacks

Ransomware Upgrades with Credential-Stealing Tricks

Dark Reading

The latest version of the FTCode ransomware can steal credentials from five popular browsers and email clients

Treasury Wants to Collect More Cyber Risk Details From Banks

Data Breach Today

Agency Wants to Gather More Data to Support Security of Financial Infrastructure The U.S. Treasury Department is proposing to collect more information from banks and financial markets about the cybersecurity risks they face to help ensure the security of financial infrastructure

Risk 170

Malware attack took down 600 computers at Volusia County Public Library

Security Affairs

System supporting libraries in Volusia County were hit by a cyber attack, the incident took down 600 computers at Volusia County Public Library (VCPL) branches.

Jeff Bezos’ Hacked Phone, Coronavirus Hits the US, and More News

WIRED Threat Level

Catch up on the most important news from today in two minutes or less. Security Security / Cyberattacks and Hacks