Sat.Oct 13, 2018 - Fri.Oct 19, 2018

GUEST ESSAY: Supply chain vulnerabilities play out in latest Pentagon personnel records breach

The Last Watchdog

It is disheartening, but not at all surprising, that hackers continue to pull off successful breaches of well-defended U.S. government strategic systems. Related podcast: Cyber attacks on critical systems have only just begun. On Friday, Oct. 12, the Pentagon disclosed that intruders breached Defense Department travel records and compromised the personal information and credit card data of U.S. military and civilian personnel. The Associated Press, quoting a U.S.

How Cybercriminals are Targeting free Wi-Fi Users?

Security Affairs

Free Wi-Fi is convenient, but it is also unsafe and puts users at great risk. Here’s how the cybercriminals attack user on these open networks. The free Wi-Fi is one of the catchiest things for the users in today’s world.

Know your enemy – understanding the 7 different types of data breaches

IT Governance

Every day almost 7 million data records are compromised , with no organisation or sector immune. Organisations are facing a war on data breaches, so it’s imperative that ‘know your enemy’ becomes part of their battle tactics.

Anthem Mega-Breach: Record $16 Million HIPAA Settlement

Data Breach Today

Regulators Say Health Insurer Failed to Take Basic Security Steps Federal regulators have smacked health insurer Anthem with a record $16 million HIPAA settlement in the wake of a cyberattack revealed in 2015, which impacted nearly 79 million individuals. What missteps does the settlement highlight

GUEST ESSAY: Pentagon’s security flaws highlighted in GAO audit — and recent data breach

The Last Watchdog

Being the obvious target that it is, the U.S. Department of Defense presumably has expended vast resources this century on defending its digital assets from perennial cyber attacks. Related: Why carpet bombing email campaigns endure. And yet two recent disclosures highlight just how brittle the military’s cyber defenses remain in critical areas.

Expert released PoC Code Microsoft Edge Remote Code Execution flaw

Security Affairs

Security expert published the PoC exploit code for the recently fixed critical remote code execution flaw in Edge web browser tracked as CVE-2018-8495. The October 2018 Patch Tuesday addressed 50 known vulnerabilities in Microsoft’s products, 12 of them were labeled as critical.

Trends 112

More Trending

Pentagon Travel Provider Data Breach Counts 30,000 Victims

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel.

30k+ Pentagon Employees Compromised in Data Breach

Adam Levin

The credit card data and travel records of roughly 30,000 employees of the U.S. Defense Department have been compromised in a data breach. The hack was first detected on October 4th, but may have occurred months ago and could have affected more accounts than initially reported.

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

Oracle has just released a security update to prevent 2.3 million servers running the RPCBIND service from being used in amplified DDoS attacks. The flaw was discovered by the Brazilian researcher Mauricio Corrêa, founder of Brazilian security company XLabs.

How to detect a data breach

IT Governance

The need for speed. Data breaches can have serious financial consequences for organisations of all sizes. The faster a breach can be detected and contained, the lower the costs for the organisation.

Cryptojackers Keep Hacking Unpatched MikroTik Routers

Data Breach Today

215
215

Cybersecurity Awareness Month Blog Series: It’s Cybersecurity Awareness Month – advice to SMBs

Thales eSecurity

This October marks the 15 th year of Cybersecurity Awareness Month.

Pentagon Defense Department travel records data breach

Security Affairs

Pentagon – Defense Department travel records suffered a data breach that compromised the personal information and credit card data of U.S. military and civilian personnel.

5 causes of data breaches that everybody should recognise

IT Governance

The key to reducing the damage that data breaches can cause is to spot them quickly. Ponemon Institute’s 2018 Cost of a Data Breach Study found that organisations that identified a breach within 100 days saved an average of £2 million per incident.

Heads-Up: Patch 'Comically Bad' libSSH Flaw Now

Data Breach Today

Thankfully Most SSH - From BSD to Linux Distros to Macs - Is Unaffected Attention admins: If you use libSSH - one of the open-source flavors of Secure Shell, or SSH - patch now. The advice follows the disclosure of a vulnerability that one expert, Paul Ducklin of Sophos, terms "comically bad

Top 4 Project Management Tools

AIIM

A great project development team can only be great with the right tools. Through the numerous project management methodologies and top-down inferences, there is one constant; management tools. Even the best managers can’t work efficiently without them.

Tools 80

GreyEnergy cyberespionage group targets Poland and Ukraine

Security Affairs

Security researchers from ESET published a detailed analysis of a recently discovered cyber espionage group tracked as GreyEnergy.

Groups 104

Why is the GDPR still something I should be concerned about?

IT Governance

The EU’s GDPR (General Data Protection Regulation) superseded all laws based on the EU’s Data Protection Directive, including the UK’s Data Protection Act 1998, on 25 May 2018.

GDPR 83

10 Cyberattacks Investigated Weekly by UK

Data Breach Today

Majority of Incidents Trace to Hostile Nation-States, NCSC Says The U.K.'s s National Cyber Security Center incident response teams have investigated more than 1,000 significant incidents in the past two years, the majority of which trace to nation-state attackers, officials say

CIP Spotlight: Devon McCollum is Serious About the Information Industry

AIIM

Why choose certification? For me, it's about proof (to myself and to employers) of my expertise.

Chaining three critical vulnerabilities allows takeover of D-Link routers

Security Affairs

Researchers from the Silesian University of Technology in Poland discovered several flaws that could be exploited to take over some D-Link routers.

Robert Mueller Has Already Told You Everything You Need To Know

WIRED Threat Level

With the exception of President Trump’s legal team, no one has been watching the Mueller investigation more closely than Garrett Graff. Security

Aetna Hit With More Penalties for Two Breaches

Data Breach Today

Cases Involved Mailings That Potentially Exposed Sensitive Health Information Health insurer Aetna is still paying the price for two 2017 privacy breaches involving mailings that potentially exposed HIV and cardiac condition information about thousands of individuals. Here's the latest update

Gimmal Extends its DoD 5015.2 Certified Records Management Certification to SharePoint 2016

Gimmal

Gimmal, the world’s leading provider of records management and information governance software, is excited to announce that Gimmal Records Management , which already provides DoD 5015.2-certified for Microsoft SharePoint 2010 and 2013, is now extending its certification to Microsoft 2016.

35 million US voter records available for sale in a hacking forum

Security Affairs

Millions of voter records are available for sale on the Dark Web, experts discovered over 35 million US voter records for sale in a hacking forum.

Sales 101

Are Data Breaches the New Reality for Retail?

Thales eSecurity

As digital transformation takes hold, the retail industry is under siege from cyber criminals and nation states attempting to steal consumers’ personal information, credit card data and banking information. Lines are now blurred between physical and digital experiences.

FDA Calls for 'Cybersecurity Bill of Materials' for Devices

Data Breach Today

West Virginia Using Internet Voting

Schneier on Security

This is crazy (and dangerous). West Virginia is allowing people to vote via a smart-phone app. Even crazier, the app uses blockchain -- presumably because they have no idea what the security issues with voting actually are. blockchain phones securitypolicies voting

A crippling ransomware attack hit a water utility in the aftermath of Hurricane Florence

Security Affairs

A water utility in the US state of North Carolina suffered a severe ransomware attack in the week after Hurricane Florence hit the East Coast of the U.S.

Russian Trolls Are Still Playing Both Sides—Even With the Mueller Probe

WIRED Threat Level

The latest indictment against Russian trolls shows how they sowed division in the US on wedge issues, including the investigation into their activity. Security

US Voter Records for Sale on Hacker Forum

Data Breach Today

Exposure Highlights Scant Protection Afforded to Voter Registration Records A batch of U.S. voter registration records from 20 states has appeared for sale online in what appears to be an illegitimate offering. While it's far from the largest-ever seen leak of voter data, the incident again highlights the lax controls too often applied to voter records

Sales 174

How Cyber Essentials can help secure your patch management

IT Governance

In this blog series, we will discuss each of the Cyber Essentials scheme’s five security controls that, according to the UK government, could prevent “around 80% of cyber attacks”.

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

Yoroi security firm uncovered a targeted attack against one of the most important companies in the Italian Naval Industry leveraging MartyMcFly Malware.

A Trove of Facebook Data Is a Spammer's Dream and Your Nightmare

WIRED Threat Level

A new report suggests that spammers, not nation states, may have been behind the Facebook hack. That could be even worse news. Security

Data 71