Sat.Feb 23, 2019 - Fri.Mar 01, 2019

Innovation Lab: The Role of Blockchain in Information Governance

Everteam

Something is exciting about diving into innovative technology and figuring out how it can improve the way you do business.

MY TAKE: Why the next web-delivered ad you encounter could invisibly infect your smartphone

The Last Watchdog

Google, Facebook and Amazon have gotten filthy rich doing one thing extremely well: fixating on every move each one of us makes when we use our Internet-connected computing devices. Related: Protecting web gateways. The tech titans have swelled into multi-billion dollar behemoths by myopically focusing on delivering targeted online advertising, in support of online retailing. This has largely shaped the digital lives we’ve come to lead. Turns out all of this online profiling has a dark side.

Retail 123

Attacking Soldiers on Social Media

Schneier on Security

A research group at NATO's Strategic Communications Center of Excellence catfished soldiers involved in an European military exercise -- we don't know what country they were from -- to demonstrate the power of the attack technique.

Dow Jones Data Exposed on Public Server

Data Breach Today

Authorized Third Party' Responsible for Leak, Company Says An "authorized third party" exposed a Dow Jones database with more than 2.4 million records of risky businesses and individuals on a public server without password protection.

Payroll Provider Gives Extortionists a Payday

Krebs on Security

Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company’s customers for nearly three days.

Q&A: Why SOAR startup Syncurity is bringing a ‘case-management’ approach to threat detection

The Last Watchdog

There’s a frantic scramble going on among those responsible for network security at organizations across all sectors. Related: Why we’re in the Golden Age of cyber espionage. Enterprises have dumped small fortunes into stocking their SOCs (security operations centers) with the best firewalls, anti-malware suites, intrusion detection, data loss prevention and sandbox detonators money can buy. But this hasn’t done the trick.

More Trending

Cryptocurrency Miners Exploit Latest Drupal Flaw

Data Breach Today

Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison

Krebs on Security

A Russian court has handed down lengthy prison terms for two men convicted on treason charges for allegedly sharing information about Russian cybercriminals with U.S. law enforcement officials.

List of data breaches and cyber attacks in February 2019 – 692,853,046 records leaked

IT Governance

The shortest month of the year is over in a flash, but not before a significant number of data breaches and cyber attacks could take place. I count this month’s total of leaked records to be 692,853,046, bringing 2019’s total to 2,462,038,109.

70000 Pakistani banks’ cards with PINs go on sale on the dark web.

Security Affairs

Group-IB experts discovered new databases with a total of 69,189 Pakistani banks’ cards that have shown up for sale on the dark web.

Sales 114

15 GDPR Probes in Ireland Target Facebook, Twitter, Others

Data Breach Today

Facebook Alone the Focus of 10 Separate Regulatory Investigations by Privacy Watchdog Ireland's privacy watchdog has its eye on Facebook.

GDPR 218

Crypto Mining Service Coinhive to Call it Quits

Krebs on Security

Roughly one year ago, KrebsOnSecurity published a lengthy investigation into the individuals behind Coinhive[.]com com , a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency.

Mining 198

On the Security of Password Managers

Schneier on Security

There's new research on the security of password managers, speficially 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of password lying around memory?

ICANN warns of large-scale attacks on Internet infrastructure

Security Affairs

Large-scale attacks are threatening the global Internet infrastructure, the alarm was launched by the Internet Corporation for Assigned Names and Numbers (ICANN).

Risk 111

Data Breach Notification: California Targets 'Loopholes'

Data Breach Today

Booter Boss Interviewed in 2014 Pleads Guilty

Krebs on Security

A 20-year-old Illinois man has pleaded guilty to running multiple DDoS-for-hire services that launched millions of attacks over several years.

Celebrating diversity and women in technology in India

OpenText Information Management

This year, OpenText™ sent our first official delegation of talented female employees from our Hyderabad and Bangalore offices to the Grace Hopper Celebration India (GHCI).

Crooks offer millions to skilled black hats to help them in extortion campaigns

Security Affairs

Cybercriminals are offering over a million dollars per year to skilled professionals like vxers and penetration testers to help them in extortion campaigns.

Facebook's Cryptocoin: A Disguised PayPal on a Blockchain?

Data Breach Today

Critics Question Whether Move Is Just 'Marketing Fluff' Facebook is edging closer to launching its own cryptocurrency, with a rollout expected this year, The New York Times reports.

ICANN Urges Greater Domain Name Security

Adam Levin

The infrastructure at the core of the internet is vulnerable to attack from state-sponsored hackers, its governing body warned. .

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

As companies make more extensive use of evermore capable – and complex — digital systems, what has remained constant is the innumerable paths left wide open for threat actors to waltz through. Related: Applying ‘zero trust’ to managed security services. So why hasn’t the corporate sector been more effective at locking down access for users? It’s not for lack of trying. I recently discussed this with Chris Curcio, vice-president of channel sales at Optimal IdM, a Tampa, Fla.-based

B0r0nt0K ransomware demands $75,000 ransom to the victims

Security Affairs

The recently discovered B0r0nt0K ransomware infects both Linux and Windows servers and demands $75,000 ransom to the victims. A new piece of ransomware called B0r0nt0K appeared in the threat landscape, it is targeting web sites and demanding a 20 bitcoin ransom to the victims (roughly $75,000).

UConn Health Among the Latest Phishing Victims

Data Breach Today

A Number of Newly Reported Health Data Breaches Stem From Email Incidents Phishing and other hacking incidents have led to several recently reported large health data breaches, including one that UConn Health reports affected 326,000 individuals

Our Industry Is Failing. Will We Fix It?

John Battelle's Searchblog

If the latest tech revelations have proven anything, it’s that the endless cycle of jaw-dropping headlines and concomitant corporate apologetics has changed exactly nothing. Over and over, the pattern repeats.

Can Everybody Read the US Terrorist Watch List?

Schneier on Security

After years of claiming that the Terrorist Screening Database is kept secret within the government, we have now learned that the DHS shares it "with more than 1,400 private entities, including hospitals and universities.".

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

A new piece of ransomware called Cr1ptT0r infects embedded systems and network attached storage (NAS) devices exposed online. A new piece of ransomware called Cr1ptT0r was discovered by experts, it infects embedded systems and network attached storage (NAS) devices exposed online.

Tech Industry Pushes for Australian Encryption Law Changes

Data Breach Today

Senate Committee Reviewing Law With an Eye to Amend Technology organizations say Australia's anti-encryption law passed in December is already undermining trust in their local operations.

5 Key Takeaways From Michael Cohen's Testimony to Congress

WIRED Threat Level

Michael Cohen testifies before the House Oversight committee, and brings the receipts. Security

Data Leakage from Encrypted Databases

Schneier on Security

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. It describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. Even the summary is too much to summarize, so read it. academicpapers databases encryption

ToRPEDO attack allows intercepting calls and track locations on 4G/5G

Security Affairs

ToRPEDO attacks – A group of academics from Purdue University and the University of Iowa discovered multiple vulnerabilities in cellular networks that affect both 4G and 5G LTE protocols.

Paper 101

Spotting Insider Breaches: Employees Can Help

Data Breach Today

Two Recent Incidents Provide Important Lessons Two recent security incidents involving insiders spotlight the importance of employee vigilance in detecting and containing breaches

Digital Transformation in Municipal Government: The Hidden Force Powering Smart Cities

erwin

Smart cities are changing the world. When you think of real-time, data-driven experiences and modern applications to accomplish tasks faster and easier, your local town or city government probably doesn’t come to mind.

What are the best books on information security?

IT Governance

This blog has been updated to reflect industry updates. Originally published 29 November 2017.

Malware spam campaign exploits WinRAR flaw to deliver Backdoor

Security Affairs

Experts discovered a malspam campaign that is distributing a malicious RAR archive that could exploit the WinRAR flaw to install deliver malware on a computer.