Sat.Oct 12, 2019 - Fri.Oct 18, 2019

How to Build a Rock-Solid Cybersecurity Culture

Dark Reading

In part one of this two-part series, we start with the basics - getting everyone to understand what's at stake - and then look at lessons from the trenches

Open Cybersecurity Alliance: In Pursuit of Interoperability

Data Breach Today

With 18 Vendors on Board, Experts Assess New Group's Chances for Success Eighteen technology companies have formed the Open Cybersecurity Alliance to foster the development of open source tools to improve interoperability and data sharing between cybersecurity applications.

Top Use Cases for Enterprise Architecture: Architect Everything

erwin

Architect Everything: New use cases for enterprise architecture are increasing enterprise architect’s stock in data-driven business. As enterprise architecture has evolved, so to have the use cases for enterprise architecture.

MY TAKE: How ‘credential stuffing’ and ‘account takeovers’ are leveraging Big Data, automation

The Last Watchdog

A pair of malicious activities have become a stunning example of digital transformation – unfortunately on the darknet. Related: Cyber risks spinning out of IoT Credential stuffing and account takeovers – which take full advantage of Big Data, high-velocity software, and automation – inundated the internet in massive surges in 2018 and the first half of 2019, according to multiple reports. Credential stuffing is one of the simplest cybercriminal exploits , a favorite among hackers.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

“BriansClub” Hack Rescues 26M Stolen Cards

Krebs on Security

“ BriansClub ,” one of the largest underground stores for buying stolen credit card data, has itself been hacked.

Sales 285

More Trending

sudo flaw allows any users to run commands as Root on Linux

Security Affairs

Experts discovered a security policy bypass issue in the Sudo utility that is installed as a command on almost every Linux and Unix system. The Sudo utility that is installed as a command on almost every Linux and Unix system is affected by a security policy bypass issue tracked as CVE-2019-14287.

NEW TECH: ‘Passwordless authentication’ takes us closer to eliminating passwords as the weak link

The Last Watchdog

If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. Compromised logins continue to facilitate cyber attacks at all levels, from phishing ruses to credential stuffing to enabling hackers to probe deep inside of a breached network.

When Card Shops Play Dirty, Consumers Win

Krebs on Security

Cybercrime forums have been abuzz this week over news that BriansClub — one of the underground’s largest shops for stolen credit and debit cards — has been hacked, and its inventory of 26 million cards shared with security contacts in the banking industry.

Sales 130

Thoma Bravo to Buy Sophos for $3.9 Billion

Data Breach Today

Sophos Board Will 'Unanimously Recommend' Deal to Shareholders Private-equity firm Thoma Bravo, which already has stakes in several cybersecurity companies, plans to buy U.K.-based based security company Sophos in a $3.9 billion deal, the two companies announced Monday.

Sales 202

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Cracking the Passwords of Early Internet Pioneers

Schneier on Security

Lots of them weren't very good : BSD co-inventor Dennis Ritchie, for instance, used "dmac" (his middle name was MacAlistair); Stephen R.

SHARING INTEL: Why full ‘digital transformation’ requires locking down ‘machine identities’

The Last Watchdog

Digital commerce has come to revolve around two types of identities: human and machine. Great effort has gone into protecting the former, and yet human identities continue to get widely abused by cyber criminals. By comparison, scant effort has gone into securing the latter. This is so in spite of the fact that machine identities are exploding in numbers and have come to saturate digital transformation. Related: IoT exposures explained I’ve conversed several times with Jeff Hudson about this.

Approaching the Reverse Engineering of a RFID/NFC Vending Machine

Security Affairs

Security expert Pasquale Fiorillo demonstrates how to hack n RFID/NFC Vending Machine. The affected vendor did not answer to my responsible disclosure request, so I’m here to disclose this “hack” without revealing the name of the vendor itself.

Ransomware Attacks: STOP, Dharma, Phobos Dominate

Data Breach Today

GlobeImposter 2.0 and Sodinokibi Strikes Also Common, Researchers Find Ransomware is once again the most common illicit profit-making tool in online attackers' arsenal, police warn. Security firm Emsisoft says the most-seen strains in recent months include STOP, Dharma.cezar, Phobos, GlobeImposter 2.0

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Factoring 2048-bit Numbers Using 20 Million Qubits

Schneier on Security

This theoretical paper shows how to factor 2048-bit RSA moduli with a 20-million qubit quantum computer in eight hours. It's interesting work, but I don't want overstate the risk.

Paper 114

SHARED INTEL: How NTA/NDR systems get to ‘ground truth’ of cyber attacks, unauthorized traffic

The Last Watchdog

The digital footprints of U.S. consumers’ have long been up for grabs. No one stops the tech giants, media conglomerates and online advertisers from intensively monetizing consumers’ online behaviors, largely without meaningful disclosure. Related: The state of ransomware Who knew that much the same thing routinely happens to enterprises?

Cloud 116

SIM cards used in 29 countries are vulnerable to Simjacker attack

Security Affairs

Security researchers at Adaptive Mobile who discovered the SimJacker issue have published the list of countries where mobile operators use flawed SIM cards.

Paper 114

'Silent Librarian' Revamps Phishing Campaign: Proofpoint

Data Breach Today

Iranian-Backed Hacking Group Targeting Research Universities "Silent Librarian," a hacking group with apparent ties to the Iranian government, is continuing to revamp and refine its phishing techniques as it targets research universities in the U.S.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

The MacOS Catalina Privacy and Security Features You Should Know

WIRED Threat Level

The latest macOS update is chock-full of ways to better safeguard your data. Security Security / Security Advice

Can smart cities be secured and trusted?

Thales eSecurity

It is the year 2030, and you have had another busy day. As you finish what you thought would be your last espresso and grab your laptop to leave work, your colleague tells you that you need to stay late for an urgent meeting. Panic sets in, but you push past it and put a plan into motion.

Is Emotet gang targeting companies with external SOC?

Security Affairs

Cybercrime gang behind the Emotet malware is targeting organization with external SOC with emails claiming to deliver a SOC “weekly report.”. Introduction. The group behind Emotet malware is getting smarter and smarter in the way the y deliver such a Malware.

Stung by Takedowns, Criminals Tap Distributed Dark Markets

Data Breach Today

Law enforcement success inevitably sparks criminals to become more innovative, including shifting from centralized markets - such as Hansa and Wall Street Market - to encrypted and distributed marketplaces, says the University of Surrey's Alan Woodward

An iTunes Bug Let Hackers Spread Ransomware

WIRED Threat Level

FBI overreach, hacker payback, and more of the week's top security news. Security Security / Security News

Tik Tok, Tick Tock…Boom.

John Battelle's Searchblog

Something’s been bugging me about Tik Tok. I’ve almost downloaded it about a dozen times over the past few months. But I always stop short. I don’t have a ton of time ( here’s why ) so forgive me as I resort to some short form tricks here.

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

Security Affairs

The global shipping and mailing services company Pitney Bowes suffered a partial outage of its service caused by a ransomware attack.

Report: Hackers Spied on Moroccan Human Rights Activists

Data Breach Today

Amnesty International Says NSO Group Spyware May Have Been Used Hackers apparently used sophisticated spying tools to plant malware on the smartphones of two human rights activists in Morocco, according to Amnesty International

186
186

How a Bitcoin Trail Led to a Massive Dark Web Child-Porn Site Takedown

WIRED Threat Level

Federal investigators focused not on offensive hacking efforts or surveilling communications, but on the transactions using cryptocurrency. Security Security / Security News

WAVs Hide Malware in Their Depths in Innovative Campaign

Threatpost

Three different loaders and two payloads are hiding in audio files. Malware.wav blackberry cylance campaign loaders Malware analysis obfuscation shell code steganography XMRig

114
114