Sat.Oct 13, 2018 - Fri.Oct 19, 2018

GUEST ESSAY: Supply chain vulnerabilities play out in latest Pentagon personnel records breach

The Last Watchdog

It is disheartening, but not at all surprising, that hackers continue to pull off successful breaches of well-defended U.S. government strategic systems. Related podcast: Cyber attacks on critical systems have only just begun. On Friday, Oct. 12, the Pentagon disclosed that intruders breached Defense Department travel records and compromised the personal information and credit card data of U.S. military and civilian personnel. The Associated Press, quoting a U.S.

How Cybercriminals are Targeting free Wi-Fi Users?

Security Affairs

Free Wi-Fi is convenient, but it is also unsafe and puts users at great risk. Here’s how the cybercriminals attack user on these open networks. The free Wi-Fi is one of the catchiest things for the users in today’s world.

Know your enemy – understanding the 7 different types of data breaches

IT Governance

Every day almost 7 million data records are compromised , with no organisation or sector immune. Organisations are facing a war on data breaches, so it’s imperative that ‘know your enemy’ becomes part of their battle tactics.

Anthem Mega-Breach: Record $16 Million HIPAA Settlement

Data Breach Today

Regulators Say Health Insurer Failed to Take Basic Security Steps Federal regulators have smacked health insurer Anthem with a record $16 million HIPAA settlement in the wake of a cyberattack revealed in 2015, which impacted nearly 79 million individuals. What missteps does the settlement highlight

GUEST ESSAY: Pentagon’s security flaws highlighted in GAO audit — and recent data breach

The Last Watchdog

Being the obvious target that it is, the U.S. Department of Defense presumably has expended vast resources this century on defending its digital assets from perennial cyber attacks. Related: Why carpet bombing email campaigns endure. And yet two recent disclosures highlight just how brittle the military’s cyber defenses remain in critical areas.

Expert released PoC Code Microsoft Edge Remote Code Execution flaw

Security Affairs

Security expert published the PoC exploit code for the recently fixed critical remote code execution flaw in Edge web browser tracked as CVE-2018-8495. The October 2018 Patch Tuesday addressed 50 known vulnerabilities in Microsoft’s products, 12 of them were labeled as critical.

Trends 113

How DNA Databases Violate Everyone's Privacy

Schneier on Security

If you're an American of European descent, there's a 60% you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public.

More Trending

30k+ Pentagon Employees Compromised in Data Breach

Adam Levin

The credit card data and travel records of roughly 30,000 employees of the U.S. Defense Department have been compromised in a data breach. The hack was first detected on October 4th, but may have occurred months ago and could have affected more accounts than initially reported.

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

Oracle has just released a security update to prevent 2.3 million servers running the RPCBIND service from being used in amplified DDoS attacks. The flaw was discovered by the Brazilian researcher Mauricio Corrêa, founder of Brazilian security company XLabs.

How to detect a data breach

IT Governance

The need for speed. Data breaches can have serious financial consequences for organisations of all sizes. The faster a breach can be detected and contained, the lower the costs for the organisation.

10 Cyberattacks Investigated Weekly by UK

Data Breach Today

Majority of Incidents Trace to Hostile Nation-States, NCSC Says The U.K.'s s National Cyber Security Center incident response teams have investigated more than 1,000 significant incidents in the past two years, the majority of which trace to nation-state attackers, officials say

West Virginia Using Internet Voting

Schneier on Security

This is crazy (and dangerous). West Virginia is allowing people to vote via a smart-phone app. Even crazier, the app uses blockchain -- presumably because they have no idea what the security issues with voting actually are. blockchain phones securitypolicies voting

Pentagon Defense Department travel records data breach

Security Affairs

Pentagon – Defense Department travel records suffered a data breach that compromised the personal information and credit card data of U.S. military and civilian personnel.

Cybersecurity Awareness Month Blog Series: It’s Cybersecurity Awareness Month – advice to SMBs

Thales Data Security

This October marks the 15 th year of Cybersecurity Awareness Month.

Cryptojackers Keep Hacking Unpatched MikroTik Routers

Data Breach Today

219

5 causes of data breaches that everybody should recognise

IT Governance

The key to reducing the damage that data breaches can cause is to spot them quickly. Ponemon Institute’s 2018 Cost of a Data Breach Study found that organisations that identified a breach within 100 days saved an average of £2 million per incident.

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

Yoroi security firm uncovered a targeted attack against one of the most important companies in the Italian Naval Industry leveraging MartyMcFly Malware.

Robert Mueller Has Already Told You Everything You Need To Know

WIRED Threat Level

With the exception of President Trump’s legal team, no one has been watching the Mueller investigation more closely than Garrett Graff. Security

Heads-Up: Patch 'Comically Bad' libSSH Flaw Now

Data Breach Today

Thankfully Most SSH - From BSD to Linux Distros to Macs - Is Unaffected Attention admins: If you use libSSH - one of the open-source flavors of Secure Shell, or SSH - patch now. The advice follows the disclosure of a vulnerability that one expert, Paul Ducklin of Sophos, terms "comically bad

Why is the GDPR still something I should be concerned about?

IT Governance

The EU’s GDPR (General Data Protection Regulation) superseded all laws based on the EU’s Data Protection Directive, including the UK’s Data Protection Act 1998, on 25 May 2018.

GDPR 84

GreyEnergy cyberespionage group targets Poland and Ukraine

Security Affairs

Security researchers from ESET published a detailed analysis of a recently discovered cyber espionage group tracked as GreyEnergy.

Groups 100

Gimmal Extends its DoD 5015.2 Certified Records Management Certification to SharePoint 2016

Gimmal

Gimmal, the world’s leading provider of records management and information governance software, is excited to announce that Gimmal Records Management , which already provides DoD 5015.2-certified for Microsoft SharePoint 2010 and 2013, is now extending its certification to Microsoft 2016.

Aetna Hit With More Penalties for Two Breaches

Data Breach Today

Cases Involved Mailings That Potentially Exposed Sensitive Health Information Health insurer Aetna is still paying the price for two 2017 privacy breaches involving mailings that potentially exposed HIV and cardiac condition information about thousands of individuals. Here's the latest update

A Trove of Facebook Data Is a Spammer's Dream and Your Nightmare

WIRED Threat Level

A new report suggests that spammers, not nation states, may have been behind the Facebook hack. That could be even worse news. Security

Data 79

A crippling ransomware attack hit a water utility in the aftermath of Hurricane Florence

Security Affairs

A water utility in the US state of North Carolina suffered a severe ransomware attack in the week after Hurricane Florence hit the East Coast of the U.S.

CIP Spotlight: Devon McCollum is Serious About the Information Industry

AIIM

Why choose certification? For me, it's about proof (to myself and to employers) of my expertise.

FDA Calls for 'Cybersecurity Bill of Materials' for Devices

Data Breach Today

Government Perspective on Supply Chain Security

Schneier on Security

This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now. cybersecurity infrastructure internetofthings nationalsecuritypolicy nsa

Ex-NASA contractor pleaded guilty for cyberstalking crimes

Security Affairs

A former NASA contractor has pleaded guilty for a cyberstalking scheme, the man blackmailed seven women threatening to publish their nude pictures.

Russian Trolls Are Still Playing Both Sides—Even With the Mueller Probe

WIRED Threat Level

The latest indictment against Russian trolls shows how they sowed division in the US on wedge issues, including the investigation into their activity. Security

HHS Updates Security Risk Assessment Tool

Data Breach Today

But Why Is Conducting a Risk Analysis So Challenging for So Many Organizations? The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis.

Tools 186

Privacy for Tigers

Schneier on Security

Ross Anderson has some new work : As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images.

35 million US voter records available for sale in a hacking forum

Security Affairs

Millions of voter records are available for sale on the Dark Web, experts discovered over 35 million US voter records for sale in a hacking forum.

Sales 100

Are Data Breaches the New Reality for Retail?

Thales Data Security

As digital transformation takes hold, the retail industry is under siege from cyber criminals and nation states attempting to steal consumers’ personal information, credit card data and banking information. Lines are now blurred between physical and digital experiences.

US Voter Records for Sale on Hacker Forum

Data Breach Today

Exposure Highlights Scant Protection Afforded to Voter Registration Records A batch of U.S. voter registration records from 20 states has appeared for sale online in what appears to be an illegitimate offering. While it's far from the largest-ever seen leak of voter data, the incident again highlights the lax controls too often applied to voter records

Sales 183

Top 4 Project Management Tools

AIIM

A great project development team can only be great with the right tools. Through the numerous project management methodologies and top-down inferences, there is one constant; management tools. Even the best managers can’t work efficiently without them.

Tools 76

Chaining three critical vulnerabilities allows takeover of D-Link routers

Security Affairs

Researchers from the Silesian University of Technology in Poland discovered several flaws that could be exploited to take over some D-Link routers.