Sat.Oct 13, 2018 - Fri.Oct 19, 2018

GUEST ESSAY: Supply chain vulnerabilities play out in latest Pentagon personnel records breach

The Last Watchdog

It is disheartening, but not at all surprising, that hackers continue to pull off successful breaches of well-defended U.S. government strategic systems. Related podcast: Cyber attacks on critical systems have only just begun. On Friday, Oct. 12, the Pentagon disclosed that intruders breached Defense Department travel records and compromised the personal information and credit card data of U.S. military and civilian personnel. The Associated Press, quoting a U.S.

How Cybercriminals are Targeting free Wi-Fi Users?

Security Affairs

Free Wi-Fi is convenient, but it is also unsafe and puts users at great risk. Here’s how the cybercriminals attack user on these open networks. The free Wi-Fi is one of the catchiest things for the users in today’s world.

Know your enemy – understanding the 7 different types of data breaches

IT Governance

Every day almost 7 million data records are compromised , with no organisation or sector immune. Organisations are facing a war on data breaches, so it’s imperative that ‘know your enemy’ becomes part of their battle tactics.

Anthem Mega-Breach: Record $16 Million HIPAA Settlement

Data Breach Today

Regulators Say Health Insurer Failed to Take Basic Security Steps Federal regulators have smacked health insurer Anthem with a record $16 million HIPAA settlement in the wake of a cyberattack revealed in 2015, which impacted nearly 79 million individuals. What missteps does the settlement highlight

GUEST ESSAY: Pentagon’s security flaws highlighted in GAO audit — and recent data breach

The Last Watchdog

Being the obvious target that it is, the U.S. Department of Defense presumably has expended vast resources this century on defending its digital assets from perennial cyber attacks. Related: Why carpet bombing email campaigns endure. And yet two recent disclosures highlight just how brittle the military’s cyber defenses remain in critical areas.

How DNA Databases Violate Everyone's Privacy

Schneier on Security

If you're an American of European descent, there's a 60% you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public.

More Trending

Pentagon Travel Provider Data Breach Counts 30,000 Victims

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel.

How to detect a data breach

IT Governance

The need for speed. Data breaches can have serious financial consequences for organisations of all sizes. The faster a breach can be detected and contained, the lower the costs for the organisation.

West Virginia Using Internet Voting

Schneier on Security

This is crazy (and dangerous). West Virginia is allowing people to vote via a smart-phone app. Even crazier, the app uses blockchain -- presumably because they have no idea what the security issues with voting actually are. blockchain phones securitypolicies voting

Cybersecurity Awareness Month Blog Series: It’s Cybersecurity Awareness Month – advice to SMBs

Thales Data Security

This October marks the 15 th year of Cybersecurity Awareness Month.

10 Cyberattacks Investigated Weekly by UK

Data Breach Today

Majority of Incidents Trace to Hostile Nation-States, NCSC Says The U.K.'s s National Cyber Security Center incident response teams have investigated more than 1,000 significant incidents in the past two years, the majority of which trace to nation-state attackers, officials say

5 causes of data breaches that everybody should recognise

IT Governance

The key to reducing the damage that data breaches can cause is to spot them quickly. Ponemon Institute’s 2018 Cost of a Data Breach Study found that organisations that identified a breach within 100 days saved an average of £2 million per incident.

Privacy for Tigers

Schneier on Security

Ross Anderson has some new work : As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images.

Top 4 Project Management Tools

AIIM

A great project development team can only be great with the right tools. Through the numerous project management methodologies and top-down inferences, there is one constant; management tools. Even the best managers can’t work efficiently without them.

Tools 83

Cryptojackers Keep Hacking Unpatched MikroTik Routers

Data Breach Today

219
219

Robert Mueller Has Already Told You Everything You Need To Know

WIRED Threat Level

With the exception of President Trump’s legal team, no one has been watching the Mueller investigation more closely than Garrett Graff. Security

Government Perspective on Supply Chain Security

Schneier on Security

This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now. cybersecurity infrastructure internetofthings nationalsecuritypolicy nsa

Gimmal Extends its DoD 5015.2 Certified Records Management Certification to SharePoint 2016

Gimmal

Gimmal, the world’s leading provider of records management and information governance software, is excited to announce that Gimmal Records Management , which already provides DoD 5015.2-certified for Microsoft SharePoint 2010 and 2013, is now extending its certification to Microsoft 2016.

Heads-Up: Patch 'Comically Bad' libSSH Flaw Now

Data Breach Today

Thankfully Most SSH - From BSD to Linux Distros to Macs - Is Unaffected Attention admins: If you use libSSH - one of the open-source flavors of Secure Shell, or SSH - patch now. The advice follows the disclosure of a vulnerability that one expert, Paul Ducklin of Sophos, terms "comically bad

CIP Spotlight: Devon McCollum is Serious About the Information Industry

AIIM

Why choose certification? For me, it's about proof (to myself and to employers) of my expertise.

Why is the GDPR still something I should be concerned about?

IT Governance

The EU’s GDPR (General Data Protection Regulation) superseded all laws based on the EU’s Data Protection Directive, including the UK’s Data Protection Act 1998, on 25 May 2018.

GDPR 80

Expert released PoC Code Microsoft Edge Remote Code Execution flaw

Security Affairs

Security expert published the PoC exploit code for the recently fixed critical remote code execution flaw in Edge web browser tracked as CVE-2018-8495. The October 2018 Patch Tuesday addressed 50 known vulnerabilities in Microsoft’s products, 12 of them were labeled as critical.

Trends 112

Aetna Hit With More Penalties for Two Breaches

Data Breach Today

Cases Involved Mailings That Potentially Exposed Sensitive Health Information Health insurer Aetna is still paying the price for two 2017 privacy breaches involving mailings that potentially exposed HIV and cardiac condition information about thousands of individuals. Here's the latest update

A Trove of Facebook Data Is a Spammer's Dream and Your Nightmare

WIRED Threat Level

A new report suggests that spammers, not nation states, may have been behind the Facebook hack. That could be even worse news. Security

Data 77

Are Data Breaches the New Reality for Retail?

Thales Data Security

As digital transformation takes hold, the retail industry is under siege from cyber criminals and nation states attempting to steal consumers’ personal information, credit card data and banking information. Lines are now blurred between physical and digital experiences.

CINRA Act Looks to Standardize Breach Notification

Adam Levin

A bill seeking to standardize data breach notifications for the financial industry at the federal level was passed this week by the House Financial Services Committee. Bill H.R.

FDA Calls for 'Cybersecurity Bill of Materials' for Devices

Data Breach Today

Russian Trolls Are Still Playing Both Sides—Even With the Mueller Probe

WIRED Threat Level

The latest indictment against Russian trolls shows how they sowed division in the US on wedge issues, including the investigation into their activity. Security

Pentagon Defense Department travel records data breach

Security Affairs

Pentagon – Defense Department travel records suffered a data breach that compromised the personal information and credit card data of U.S. military and civilian personnel.

Developing a PaaS Migration Strategy

Perficient Data & Analytics

In the post “The Business Case Justification for PaaS” we looked at the benefits and a business case for PaaS. In this blog we will look at the steps to create a migration strategy to PaaS including re-platforming legacy applications.

HHS Updates Security Risk Assessment Tool

Data Breach Today

But Why Is Conducting a Risk Analysis So Challenging for So Many Organizations? The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis.

Tools 181

Identifying E-signature Requirements to Accelerate Digital Adoption and Meet Global Compliance

AIIM

Eighteen years after US ESIGN Act and 21 years after the world’s first laws on electronic signatures went into force in Germany and Singapore the benefits of e-signatures are widely understood and many organizations rolled out e-signature to some extent.

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

Oracle has just released a security update to prevent 2.3 million servers running the RPCBIND service from being used in amplified DDoS attacks. The flaw was discovered by the Brazilian researcher Mauricio Corrêa, founder of Brazilian security company XLabs.

AI-powered analytics to drive operational excellence for oil and gas

OpenText Information Management

In a previous blog, I looked at how effective content management is an important factor driving operational excellence for oil and gas companies. Your people need access to the right information at the right time in the right format.