Sat.Aug 17, 2019 - Fri.Aug 23, 2019

Forced Password Reset? Check Your Assumptions

Krebs on Security

Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password.

MY TAKE: Can embedding security deep inside mobile apps point the way to securing IoT?

The Last Watchdog

The full blossoming of the Internet of Things is on the near horizon – or is it? Enterprises across the planet are revving up their IoT business models, and yet there is a sense of foreboding about a rising wave of IoT-related security exposures.

The rise of hybrid cloud poses new security challenges – are you prepared?

Thales eSecurity

There aren’t many sure bets in technology today, but it’s hard to see an enterprise world without the use of hybrid cloud environments.

Harnessing structured and unstructured data for digital transformation

Information Management Resources

As executives look to evolve, the common thread amongst these objectives is the critical importance of analyzing data – both structured and unstructured – to attaining lasting success.

Cloud Security: Mess It Up and It's on You

Data Breach Today

Jay Heiser of Gartner Says the Cloud Demands New Security Processes, Tools

The transition to cloud-based software and infrastructure has revolutionized development and services. It's also created a bevy of new security challenges.

More Trending

SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

The Last Watchdog

A faked Rolex or Prada handbag is easy enough to acquire on the street in certain cities, and you can certainly hunt one down online. Now add high-end counterfeit smartphones to the list of luxury consumer items that are being aggressively marketed to bargain-hungry consumers.

Hackers are scanning the web for vulnerable Fortinet, Pulse Secure Products installs

Security Affairs

Hackers are exploiting recently disclosed flaws in enterprise virtual private network (VPN) products from Fortinet and Pulse Secure.

Texas Pummeled by Coordinated Ransomware Attack

Data Breach Today

Cybercrime Campaign Counts 23 Victims - Mostly Local Government Entities

State officials in Texas say that at least 23 local government entities have fallen victim to a coordinated ransomware attack unleashed on Friday morning.

The Rise of “Bulletproof” Residential Networks

Krebs on Security

Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Traditionally, those connections have been mainly hacked computers, mobile phones, or home routers.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

GUEST ESSAY: The ethical considerations of personal privacy viewed as a human right

The Last Watchdog

It ought to be clear to everyone that personal privacy should be a human right and not a commodity to be bought and sold. Alas, we can’t take it for granted: data breaches put us under fire constantly, revealing everything about us from logs and passwords to medical data. The recent Suprema data breach, for example, exposed such sensitive data as fingerprints, facial recognition, and clearance level information of as many as 28 million employees worldwide.

License Plate "NULL"

Schneier on Security

There was a DefCon talk by someone with the vanity plate "NULL." The California system assigned him every ticket with no license plate: $12,000.

FBI Arrests Nigerian Suspect in $11 Million BEC Scheme

Data Breach Today

Scam Targeted UK Affiliate of US Heavy Equipment Firm Caterpillar, Prosecutors Allege

The FBI has arrested a Nigerian businessman for allegedly carrying out an $11 million business email compromise scheme that targeted a U.K. affiliate of U.S. heavy equipment manufacturer Caterpillar.

Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency

Security Affairs

The Ukrainian Secret Service is investigating the case of employees at a nuclear power plant who connected its system online to mine cryptocurrency.

MY TAKE: Here’s how ‘bulletproof proxies’ help criminals put compromised IoT devices to work

The Last Watchdog

Between Q1 2019 and Q2 2019, malicious communications emanating from residential IP addresses in the U.S. – namely smart refrigerators, garage doors, home routers and the like – nearly quadrupled for the retail and financial services sectors. To put it plainly, this represented a spike in cyber attacks bouncing through ordinary Internet-connected devices humming away in homes across America.

Modifying a Tesla to Become a Surveillance Platform

Schneier on Security

From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout.

Facebook and Twitter Scuttle Hong Kong Disinformation

Data Breach Today

Pro-Democracy Protestors Targeted via Information Operations Attributed to China

Facebook and Twitter have suspended a number of accounts and pages that they have tied to information operations being run by the Chinese government.

A new Zero-Day in Steam client impacts over 96 million Windows users

Security Affairs

A new zero-day vulnerability in the Steam client for Windows impacting over 96 million users was disclosed by researcher Vasily Kravets. A new zero-day flaw in the Steam client for Windows impacts over 96 million users.

MY TAKE: Coping with security risks, compliance issues spun up by ‘digital transformation’

The Last Watchdog

A core security challenge confronts just about every company today. Companies are being compelled to embrace digital transformation, or DX, if for no other reason than the fear of being left behind as competitors leverage microservices, containers and cloud infrastructure to spin up software innovation at high velocity.

Google Finds 20-Year-Old Microsoft Windows Vulnerability

Schneier on Security

There's no indication that this vulnerability was ever used in the wild, but the code it was discovered in -- Microsoft's Text Services Framework -- has been around since Windows XP.

Texas Says 22 Local Government Agencies Hit by Ransomware

Data Breach Today

'Single Threat Actor' Suspected; Government Coalition Urges Greater Prevention

Ransomware-wielding attackers continue to target not just big businesses and large government agencies, but increasingly their smaller counterparts too.

Lenovo Solution Centre flaw allows hacking Windows laptop in 10 minutes

Security Affairs

Researchers at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) tracked as CVE-2019-6177. Security experts at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) that has existed since 2011.

You Can Jailbreak Your iPhone Again (But Maybe You Shouldn’t)

WIRED Threat Level

Apple reintroduced a previously fixed bug in iOS 12.4, which has led to a jailbreak revival.

Influence Operations Kill Chain

Schneier on Security

Influence operations are elusive to define. The Rand Corp.'s definition is as good as any: "the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent."

Down and Out in Hacktivist Land

Data Breach Today

Bona Fide Hacktivism Plummets, While Nation-State False-Flag Operations Continue

Where have all the hacktivists gone?

Romania is going to exclude Huawei from its 5G Network

Security Affairs

Romania will ban Chinese giant Huawei from its 5G network, reads a joint statement signed by the Romanian and US presidents. Romania could be the latest state to ban Chinese giant Huawei from its 5G network, reads a joint statement signed by the Romanian and US presidents.

Facebook’s New Privacy Feature Comes With a Loophole

WIRED Threat Level

"Off-Facebook Activity" will give users more control over their data, but Facebook needs up to 48 hours to aggregate your information into a format it can share with advertisers.

Surveillance as a Condition for Humanitarian Aid

Schneier on Security

Excellent op-ed on the growing trend to tie humanitarian aid to surveillance. Despite the best intentions, the decision to deploy technology like biometrics is built on a number of unproven assumptions, such as, technology solutions can fix deeply embedded political problems.