Sat.Dec 07, 2019 - Fri.Dec 13, 2019

Collaboration Platforms: Great for Collaborating, Problematic for Ediscovery and Compliance

Hanzo Learning Center

Most knowledge work these days demands some form of collaboration. You draft a document; your colleagues comment on it and make suggestions for how it could be better. You chat on Slack about how to incorporate those comments.

Toys “R” Us Is Back—Now With More Surveillance!

WIRED Threat Level

Reports about the toy store using cameras to track shoppers caused an uproar, but the companies behind the tech insist their systems are trained to ignore kids.

MY TAKE: Why it’s now crucial to preserve PKI, digital certificates as the core of Internet security

The Last Watchdog

For decades, the cornerstone of IT security has been Public Key Infrastructure, or PKI, a system that allows you to encrypt and sign data, issuing digital certificates that authenticate the identity of users. If that sounds too complicated to grasp, take a look at the web address for the home page of this website. Take note of how the URL begins with HTTPS. The ‘S’ in HTTPS stands for ‘secure.’

Is your Organization Suffering From Third-Party "Compliance Drift"?

Data Breach Today

Countermeasures to Keep your Compliance On Track and as Originally Designed. Third-party vendors accessing your most critical systems and networks can also bring in security incidents along with all those wonderful things they promised in the sales presentation

Passwordless? Imagining the Future of Authentication

The Security Ledger

The average employee in the workplace has 191 passwords. Will we ever rid ourselves of them and, if so, how? Gerald Beuchelt, the Chief Information Security Officer at LogMeIn talks about how changes in authentication may deliver a passwordless future.

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

Krebs on Security

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo.

GDPR Violation: German Privacy Regulator Fines 1&1 Telecom

Data Breach Today

Flaws in Siemens SPPA-T3000 control system expose power plants to hack

Security Affairs

Experts discovered tens of flaws in the Siemens SPPA-T3000 control systems that could be exploited to attack fossil and renewable power plants.

Why Ring Doorbells Perfectly Exemplify the IoT Security Crisis

WIRED Threat Level

A new wave of reports about the home surveillance cameras getting hijacked by creeps is painfully familiar.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

The Great $50M African IP Address Heist

Krebs on Security

Intel Chips Vulnerable to 'Plundervolt' Attack

Data Breach Today

Dropping Voltage to CPUs Can Force Sensitive Data Disclosure. Intel issued a firmware update on Tuesday to mitigate an attack developed by researchers, dubbed Plundervolt, which uses voltage fluctuations to reveal secrets such as encryption keys.

Massive Magecart campaign targets sites offering counterfeit sneakers

Security Affairs

Crooks are targeting these hundreds of sites offering counterfeit sneakers to install malicious Magecart scripts and steal payment credit card data.

Scaring People into Supporting Backdoors

Schneier on Security

Back in 1998, Tim May warned us of the "Four Horsemen of the Infocalypse": "terrorists, pedophiles, drug dealers, and money launderers." I tended to cast it slightly differently.

Patch Tuesday, December 2019 Edition

Krebs on Security

Microsoft today released updates to plug three dozen security holes in its Windows operating system and other software.

City of Pensacola Recovering From Ransomware Attack

Data Breach Today

FBI: Incident Doesn't Appear Related to Last Week's Naval Air Base Shooting. The city of Pensacola, Florida, on Tuesday was still recovering from a Saturday ransomware attack that occurred just one day after a shooting incident at Naval Air Station Pensacola.

More than 44 million Microsoft user accounts are exposed to hack

Security Affairs

Microsoft revealed that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking. Microsoft discovered that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking because of the use of compromised passwords.

City of Pensacola Hit By Cyberattack Following Shooting

Adam Levin

Pensacola, FL was hit by a cyberattack in the wake of what has been described as a terrorist shooting.

CISO Magazine Honors KrebsOnSecurity

Krebs on Security

CISO Magazine, a publication dedicated to covering issues near and dear to corporate chief information security officers everywhere, has graciously awarded this author the designation of “Cybersecurity Person of the Year” in its December 2019 issue.

Health Data Breach Tally: Trends in 2019

Data Breach Today

Hacking Attacks, Business Associate Incidents Were Common. The federal tally of health data breaches shows that hacking attacks and incidents involving business associates dominated this year. Here's an analysis of all the latest trends

AirDoS attack could make iPhones, iPads unusable via AirDrop attack

Security Affairs

This week, Apple addressed a flaw that can be exploited to trigger a DoS condition (AirDoS) on iPhones and iPads by forcing them to continuously display a popup message. The denial-of-service (DoS) attack was discovered by.

Why the iPhone 11 Tracks Your Location Even When You Tell It Not To

WIRED Threat Level

Russian disinformation, a VC hack, vulnerable VPNs, and more are in the week’s top security news.

Data Leak Exposes Birth Certificate Info of 750k

Adam Levin

The personal data of more than 752,000 applicants filed to obtain copies of birth and death certificates was found on an unprotected Amazon Web Services database.

Joker's Stash Celebrates Turkey Day With Stolen Card Data

Data Breach Today

Vietnam-linked Ocean Lotus hacked BMW and Hyundai networks

Security Affairs

Alleged Vietnamese Ocean Lotus (APT32) hackers breached the networks of the car manufacturers BMW and Hyundai to steal automotive trade secrets.

This Alleged Bitcoin Scam Looked a Lot Like a Pyramid Scheme

WIRED Threat Level

Five men face federal charges of bilking investors of $722 million by inviting them to buy shares in bitcoin mining pools.

Catches of the month: Phishing scams for December 2019

IT Governance

Want to stay up to date on phishing scams? Our ‘catches of the month’ feature reviews the most prominent attacks across the web, explaining how they occurred and the steps you should take to stay safe.

Decryptor Bug Means Ryuk Victims Stuck in Ransomware Rut

Data Breach Today

Emsisoft Tool Can Fix Ineffective Attacker-Supplied Decryption - But Back Up the Files. Emsisoft has spotted a buggy decryptor for the Ryuk ransomware and developed a custom tool to fix it. But victims will still have to pay the ransom to recover files

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide.

EFF on the Mechanics of Corporate Surveillance

Schneier on Security

EFF has published a comprehensible and very readable "deep dive" into the technologies of corporate surveillance, both on the Internet and off. Well worth reading and sharing. Boing Boing post.

Generated Passwords, UX and Security Absolutism

Troy Hunt

Last month, Disney launched their new streaming service Disney+; "The best stories in the world, all in one place", apparently.