Sat.Feb 23, 2019 - Fri.Mar 01, 2019

Innovation Lab: The Role of Blockchain in Information Governance

Everteam

Something is exciting about diving into innovative technology and figuring out how it can improve the way you do business.

MY TAKE: Why the next web-delivered ad you encounter could invisibly infect your smartphone

The Last Watchdog

Google, Facebook and Amazon have gotten filthy rich doing one thing extremely well: fixating on every move each one of us makes when we use our Internet-connected computing devices. Related: Protecting web gateways. The tech titans have swelled into multi-billion dollar behemoths by myopically focusing on delivering targeted online advertising, in support of online retailing. This has largely shaped the digital lives we’ve come to lead. Turns out all of this online profiling has a dark side.

Retail 118

Attacking Soldiers on Social Media

Schneier on Security

A research group at NATO's Strategic Communications Center of Excellence catfished soldiers involved in an European military exercise -- we don't know what country they were from -- to demonstrate the power of the attack technique.

Dow Jones Data Exposed on Public Server

Data Breach Today

Authorized Third Party' Responsible for Leak, Company Says An "authorized third party" exposed a Dow Jones database with more than 2.4 million records of risky businesses and individuals on a public server without password protection.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Payroll Provider Gives Extortionists a Payday

Krebs on Security

Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company’s customers for nearly three days.

More Trending

PDF zero-day samples harvest user data when opened in Chrome

Security Affairs

Experts at Exploit detection service EdgeSpot detected several PDF documents that exploit a zero-day flaw in Chrome to harvest user data.

Cryptocurrency Miners Exploit Latest Drupal Flaw

Data Breach Today

Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison

Krebs on Security

A Russian court has handed down lengthy prison terms for two men convicted on treason charges for allegedly sharing information about Russian cybercriminals with U.S. law enforcement officials.

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

As companies make more extensive use of evermore capable – and complex — digital systems, what has remained constant is the innumerable paths left wide open for threat actors to waltz through. Related: Applying ‘zero trust’ to managed security services. So why hasn’t the corporate sector been more effective at locking down access for users? It’s not for lack of trying. I recently discussed this with Chris Curcio, vice-president of channel sales at Optimal IdM, a Tampa, Fla.-based

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

70000 Pakistani banks’ cards with PINs go on sale on the dark web.

Security Affairs

Group-IB experts discovered new databases with a total of 69,189 Pakistani banks’ cards that have shown up for sale on the dark web.

Sales 114

15 GDPR Probes in Ireland Target Facebook, Twitter, Others

Data Breach Today

Facebook Alone the Focus of 10 Separate Regulatory Investigations by Privacy Watchdog Ireland's privacy watchdog has its eye on Facebook.

GDPR 232

Crypto Mining Service Coinhive to Call it Quits

Krebs on Security

Roughly one year ago, KrebsOnSecurity published a lengthy investigation into the individuals behind Coinhive[.]com com , a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency.

Mining 206

List of data breaches and cyber attacks in February 2019 – 692,853,046 records leaked

IT Governance

The shortest month of the year is over in a flash, but not before a significant number of data breaches and cyber attacks could take place. I count this month’s total of leaked records to be 692,853,046, bringing 2019’s total to 2,462,038,109.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

ICANN warns of large-scale attacks on Internet infrastructure

Security Affairs

Large-scale attacks are threatening the global Internet infrastructure, the alarm was launched by the Internet Corporation for Assigned Names and Numbers (ICANN).

Risk 109

Data Breach Notification: California Targets 'Loopholes'

Data Breach Today

Booter Boss Interviewed in 2014 Pleads Guilty

Krebs on Security

A 20-year-old Illinois man has pleaded guilty to running multiple DDoS-for-hire services that launched millions of attacks over several years.

Digital Transformation in Municipal Government: The Hidden Force Powering Smart Cities

erwin

Smart cities are changing the world. When you think of real-time, data-driven experiences and modern applications to accomplish tasks faster and easier, your local town or city government probably doesn’t come to mind.

Crooks offer millions to skilled black hats to help them in extortion campaigns

Security Affairs

Cybercriminals are offering over a million dollars per year to skilled professionals like vxers and penetration testers to help them in extortion campaigns.

Tech Industry Pushes for Australian Encryption Law Changes

Data Breach Today

Senate Committee Reviewing Law With an Eye to Amend Technology organizations say Australia's anti-encryption law passed in December is already undermining trust in their local operations.

GUEST ESSAY: Repelling social engineering attacks requires shoring up the weakest link: humans

The Last Watchdog

The problem with social engineering attacks is that they capitalize on the weakest link on any computer or network system: You ! Avoiding social engineering attacks requires you to understand what they are and how they work. Related: Why diversity needs to be part of security training. Social engineering takes advantage of human psychology to attack using deception and manipulation. Hackers know that humans are: •Easily distracted.

Celebrating diversity and women in technology in India

OpenText Information Management

This year, OpenText™ sent our first official delegation of talented female employees from our Hyderabad and Bangalore offices to the Grace Hopper Celebration India (GHCI).

Blog 101

B0r0nt0K ransomware demands $75,000 ransom to the victims

Security Affairs

The recently discovered B0r0nt0K ransomware infects both Linux and Windows servers and demands $75,000 ransom to the victims. A new piece of ransomware called B0r0nt0K appeared in the threat landscape, it is targeting web sites and demanding a 20 bitcoin ransom to the victims (roughly $75,000).

UConn Health Among the Latest Phishing Victims

Data Breach Today

A Number of Newly Reported Health Data Breaches Stem From Email Incidents Phishing and other hacking incidents have led to several recently reported large health data breaches, including one that UConn Health reports affected 326,000 individuals

On the Security of Password Managers

Schneier on Security

There's new research on the security of password managers, speficially 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of password lying around memory?

Our Industry Is Failing. Will We Fix It?

John Battelle's Searchblog

If the latest tech revelations have proven anything, it’s that the endless cycle of jaw-dropping headlines and concomitant corporate apologetics has changed exactly nothing. Over and over, the pattern repeats.

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

A new piece of ransomware called Cr1ptT0r infects embedded systems and network attached storage (NAS) devices exposed online. A new piece of ransomware called Cr1ptT0r was discovered by experts, it infects embedded systems and network attached storage (NAS) devices exposed online.

Facebook's Cryptocoin: A Disguised PayPal on a Blockchain?

Data Breach Today

Critics Question Whether Move Is Just 'Marketing Fluff' Facebook is edging closer to launching its own cryptocurrency, with a rollout expected this year, The New York Times reports.

5 Key Takeaways From Michael Cohen's Testimony to Congress

WIRED Threat Level

Michael Cohen testifies before the House Oversight committee, and brings the receipts. Security

What are the best books on information security?

IT Governance

This blog has been updated to reflect industry updates. Originally published 29 November 2017.

ToRPEDO attack allows intercepting calls and track locations on 4G/5G

Security Affairs

ToRPEDO attacks – A group of academics from Purdue University and the University of Iowa discovered multiple vulnerabilities in cellular networks that affect both 4G and 5G LTE protocols.

Paper 99

Spotting Insider Breaches: Employees Can Help

Data Breach Today

Two Recent Incidents Provide Important Lessons Two recent security incidents involving insiders spotlight the importance of employee vigilance in detecting and containing breaches