Sat.May 04, 2019 - Fri.May 10, 2019

How Encryption Became the Board’s New Best Friend

Thales eSecurity

Originally published in TEISS on May 1, 2019. For many years, encryption has been viewed as a burden on businesses – expensive, complex and of questionable value. How things have changed.

Malware Knocks Out Accounting Software Giant Wolters Kluwer

Data Breach Today

Cloud 244

The CIA Sets Up Shop on Tor, the Anonymous Internet

WIRED Threat Level

Even the Central Intelligence Agency has a so-called onion service now. Security Security / Security News

Nine Charged in Alleged SIM Swapping Ring

Krebs on Security

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

NEW TECH: DataLocker extends products, services to encrypt data on portable storage devices

The Last Watchdog

No matter how reliant we ultimately become on cloud storage and streaming media, it’s hard to image consumers ever fully abandoning removable storage devices. There’s just something about putting your own two hands on a physical device, whether it’s magnetic tape, or a floppy disk, or a CD.

More Trending

LulZSec and Anonymous Ita hackers published sensitive data from 30,000 Roman lawyers

Security Affairs

A group of hackers has stolen and published online sensitive data of 30,000 Roman lawyers, including the Mayor of Rome. The announcement was made on Twitter by Lulzsec and Anonymous Ita.

Sales 114

What’s Behind the Wolters Kluwer Tax Outage?

Krebs on Security

Early in the afternoon on Friday, May, 3, I asked a friend to relay a message to his security contact at CCH , the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands.

Cloud 214

Q&A: Here’s why Android users must remain vigilant about malicious apps, more so than ever

The Last Watchdog

Android users – and I’m one – are well-advised to be constantly vigilant about the types of cyberthreats directed, at any given time, at the world’s most popular mobile device operating system. Related: Vanquishing BYOD risks Attacks won’t relent anytime soon, and awareness will help you avoid becoming a victim. It’s well worth it to stay abreast of news about defensive actions Google is forced to take to protect Android users.

FBI Shutters DeepDotWeb Portal; Suspected Admins Arrested

Data Breach Today

Suspects Accused of Receiving Bitcoins Worth Millions for Referral Fees The DeepDotWeb portal, which provided a guide to darknet marketplaces, has been shut down and its alleged administrators arrested.

IT 273

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Securing Sensitive Data in Pivotal Cloud Foundry

Thales eSecurity

The Cloud Security Challenge. It’s no secret that cloud technology usage is pervasive among enterprises. According to the 2019 Thales Data Threat Report -Global Edition, some 90 percent of 1,200 responding data security professionals worldwide report their organizations are using the cloud.

Cloud 112

Protecting Yourself from Identity Theft

Schneier on Security

I don't have a lot of good news for you. The truth is there's nothing we can do to protect our data from being stolen by cybercriminals and others.

GUEST ESSAY: How stealth, persistence allowed Wipro attacker to plunder supply chain

The Last Watchdog

The recent network breach of Wipro , a prominent outsourcing company based in India, serves as a stunning reminder that digital transformation cuts two ways. Our rising dependence on business systems that leverage cloud services and the gig economy to accomplish high-velocity innovation has led to a rise in productivity. However, the flip side is that we’ve also created fresh attack vectors at a rapid rate – exposures that are not being adequately addressed.

Chinese Men Charged With Hacking Health Insurer Anthem

Data Breach Today

Data of 78.8 Million Individuals Was Encrypted, Sent to China, US Alleges Two Chinese men have been indicted on charges related to the breach of health insurer Anthem, which saw the personal information of 78.8 million individuals stolen, as well as attacks against three other large U.S. companies

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Top-Tier Russian Hacking group Fxmsp claims hack of major AntiVirus Companies

Security Affairs

A Russian hacking group Fxmsp is offering for sale the access to the networks of at least three antivirus companies in the US and source code of their software.

Groups 109

Leaked NSA Hacking Tools

Schneier on Security

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government.

Tools 104

Q&A: The drivers behind the stark rise — and security implications — of ‘memory attacks’

The Last Watchdog

A distinctive class of hacking is rising to the fore and is being leveraged by threat actors to carry out deep, highly resilient intrusions of well-defended company networks. Related: Memory hacking becomes a go-to tactic These attacks are referred to in the security community as “fileless attacks” or “memory attacks.”

Feds Warn of 'Electricfish' Malware Linked to North Korea

Data Breach Today

CERT Says Hidden Cobra APT Group Developed Malware The FBI and the Department of Homeland Security have issued a joint warning about new malware called "Electricfish." Investigators suspect it was developed by the advanced persistent threat group Hidden Cobra, which has been linked to North Korea

Groups 251

Most of the servers at City of Baltimore shut down after ransomware attack

Security Affairs

For the second time in a year, systems of the city of Baltimore has been hit by a ransomware attack, forcing officials to shut down a majority of them. The city of Baltimore shut down most of its servers in response to a ransomware attack that hit its network. Baltimore Mayor Bernard C.

First Physical Retaliation for a Cyberattack

Schneier on Security

Israel has acknowledged that its recent airstrikes against Hamas were a real-time response to an ongoing cyberattack. From Twitter : CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets.

NEW TECH: SlashNext dynamically inspects web page contents to detect latest phishing attacks

The Last Watchdog

Humans are fallible. Cyber criminals get this. Human fallibility is the reason social engineering has proven to be so effective – and why phishing persists. Consider these metrics from messaging security firm Proofpoint : •Email-based corporate credential phishing attacks quadrupled in Q3 2018 vs. the previous quarter. Web-based social engineering attacks jumped 233% vs. the previous quarter. •99%

Despite Doxing, OilRig APT Group Remains a Threat

Data Breach Today

Researchers Describe What They've Learned From Data Dump Despite a doxing of its targets and tools in March, the advanced persistent threat group known as OilRig remains a significant threat to governments and businesses, researchers at Palo Alto Network's Unit 42 report

Groups 241

A hacker has taken over at least 29 IoT botnets

Security Affairs

Hacker “Subby” brute-forces the backends of 29 IoT botnets that were using weak or default credentials. A hacker that goes online with the moniker ‘Subby’ took over 29 IoT botnets in the past few week s with brute-force attacks.

IoT 110

Amazon Is Losing the War on Fraudulent Sellers

Schneier on Security

Excellent article on fraudulent seller tactics on Amazon. The most prominent black hat companies for US Amazon sellers offer ways to manipulate Amazon's ranking system to promote products, protect accounts from disciplinary actions, and crush competitors.

Sales 101

How personal social media use can become a corporate problem

IT Governance

Most of us use social media to keep in touch with friends, read interesting content or share photos, but we also know it comes with risk.

Course 101

New Skimmer Attack Steals Data From Over 100 Ecommerce Sites

Data Breach Today

Malicious JavaScript Steals Credit Card Data A new skimmer attack that has injected malicious JavaScript into the payment sections of 105 ecommerce websites is stealing credit card and other customer data, security researchers warn.

Data 226

Japan will develop its first-ever malware as a defense measure against cyber attacks

Security Affairs

The news was reported by the Kyodo News and has caught my attention, Japan will develop its first-ever computer virus as defense against cyber attacks.

Cryptanalyzing a Pair of Russian Encryption Algorithms

Schneier on Security

A pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor. It's just not the kind of mistake you make by accident, not in 2014.

Digitizing data to build a talented workforce

OpenText Information Management

Data – whether it is client, vendor, enterprise or consumer – has become the lifeblood of global business. And nearly a year after the General Data Protection Regulation (GDPR) came into force, the way in which organizations store, handle and use data has emerged as a priority.

GDPR 96

Researchers: Spies Exploit Microsoft Exchange Backdoor

Data Breach Today

Groups 221

A bug in Mirai code allows crashing C2 servers

Security Affairs

Ankit Anubhav, a principal researcher at NewSky Security, explained how to exploit a vulnerability in the Mirai bot to crash it.

IoT 105

Another NSA Leaker Identified and Charged

Schneier on Security

In 2015, the Intercept started publishing " The Drone Papers ," based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified.