Sat. Aug 15, 2020 - Fri. Aug 21, 2020

Medical Records Exposed via GitHub Leaks

Data Breach Today

Report: 9 Leaks Account for Exposure of PHI for at Least 150,000 Patients

Never store hardcoded credentials in code uploaded to public-facing GitHub repositories, and make sure none of your business associates are doing that.

Microsoft Put Off Fixing Zero Day for 2 Years

Krebs on Security

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on Aug.

NEW TECH: A better way to secure agile software — integrate app scanning, pen testing into WAF

The Last Watchdog

The amazing array of digital services we so blithely access on our smartphones wouldn’t exist without agile software development. Consider that we began this century relying on the legacy “waterfall” software development process. This method required a linear plan, moving in one direction, that culminated in a beta deliverable by a hard and fast deadline. To set this deadline required a long, often tortured planning cycle.

University of Utah Pays in Cyber-Extortion Scheme

Dark Reading

Though a ransomware attempt was thwarted, the university paid to prevent the release of student PII

Former Uber CSO Charged With Covering Up 2016 Data Breach

Data Breach Today

Joe Sullivan Accused of Making 'Hush Money' Bitcoin Payoff to Hackers

The U.S.

Copying a Key by Listening to It in Action

Schneier on Security

Researchers are using recordings of keys being used in locks to create copies.

Cryptominer Found Embedded in AWS Community AMI

Dark Reading

Researchers advise Amazon Web Services users running Community Amazon Machine Images to verify them for potentially malicious code

Ransomware Payday: Average Payments Jump to $178,000

Data Breach Today

Coveware: Average Ransom Paid Jumps 60%; Sodinokibi, Maze, Phobos Dominate

Ransomware gangs continue to see bigger payoffs from their ransom-paying victims, driven by "big-game hunting," data exfiltration and smaller players seeking larger returns, according to ransomware incident response firm Coveware.

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “vishing” attacks targeting companies.

What mixture of leadership styles should a decent data protection officer display?

Data Protector

I was recently asked this question and found it hard to answer. So much depends on the culture of the organisation and the resources available to the DPO.

The IT Backbone of Cybercrime

Dark Reading

Like their counterparts who run legitimate businesses, cybercriminals need hosting and cybersecurity protection, too

Carnival Cruise Ship Firm Investigating Ransomware Attack

Data Breach Today

SEC Filing Warns That Guest and Employee Data Likely Compromised

Carnival Corp., the world's largest cruise ship company, is investigating a ransomware attack that likely compromised guest and employee data, according to its filing with the SEC. It's the company's second security incident this year

ATM Hackers Have Picked Up Some Clever New Tricks

WIRED Threat Level

Over the last few years, so-called jackpotting attacks have gotten increasingly sophisticated—while cash machines remain largely the same.

International data transfers: an opinion the EDPB (probably) won’t publish

Data Protector

One of the consequences of the Schrems II decision is that EU organisations need to take greater care in determining how best to protect the flows of personal data outside the EU.

Ransomware Attack on Carnival May Have Been Its Second Compromise This Year

Dark Reading

Security vendor Prevailion says it observed signs of malicious activity on the cruise operator's network between at least February and June

So You Want to Build a Vulnerability Disclosure Program?

Data Breach Today

The NSA and FBI Expose Fancy Bear's Sneaky Hacking Tool

WIRED Threat Level

Plus: TikTok tracking, Russian SIMs, and more of this week's top security news.

The Schrems II decision – some EU data exporters will face a huge task to work out whether SCCs are sufficient

Data Protector

Many privacy professionals will be shocked to learn that, in terms of safeguarding personal data flows from an EU to a non-EU country, in the absence of an adequacy decision, more is required than simply slipping the right set of SCCs into a vendor contract.

'Next-Gen' Supply Chain Attacks Surge 430%

Dark Reading

Attackers are increasingly seeding open source projects with compromised components

Incident Response: Taking a More Deliberate Approach

Data Breach Today

Kelvin Coleman of National Cyber Security Alliance Offers Guidance

Organizations in all sectors need to take a more deliberate approach to incident response, says Kelvin Coleman, executive director of the National Cyber Security Alliance, who offers guidance

The Attack That Broke Twitter Is Hitting Dozens of Companies

WIRED Threat Level

“Phone spear phishing” attacks have been on the rise since a bitcoin scam took over the social media platform in July.

In praise of. the Investigatory Powers Act 2016

Data Protector

Twitter Hack: The Spotlight that Insider Threats Need

Dark Reading

The high profile attack should spur serious board-level conversations around the importance of insider threat prevention

Fraudsters Putting on the Ritz

Data Breach Today

Luxury London Hotel Investigates 'Food and Beverage Reservation System' Data Breach

Scammers have reportedly been putting one over on customers of the famous Ritz London, which says it is "aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients' personal data."

How Four Brothers Allegedly Fleeced $19 Million From Amazon

WIRED Threat Level

The scheme involved 7,000 $94 toothbrushes, according to law enforcement.

Data Protection: Where’s the Brexit Privacy Dividend?

Data Protector

One of the Government's core objectives throughout the Brexit negotiations has been to respect data protection rights, slash Brussels' red tape and allow the United Kingdom to be a competitive safe haven for businesses all over the world.

74 Days From the Presidential Election, Security Worries Mount

Dark Reading

With pandemic measures continuing and political divisions deepening, security experts express concern about the security and integrity of the November election

University of Utah Pays Ransom to Avoid Data Disclosure

Data Breach Today

Cyber Insurance Covered a Portion of the $457,000 Expense

The University of Utah paid a $457,000 ransom to stop a hacker from disclosing data stolen in a July ransomware attack on the network of its College of Social and Behavioral Science