Expert insights. Personalized for you.
Victims Need 'Single Sign-Off' in This Age of Hyper-Connected Services and Apps While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps MORE
Phishing Attack Against Cyprus Stole Access Passwords, New York Times Reports For the past three years, hackers have been intercepting sensitive diplomatic cables sent between EU member states after stealing passwords for accessing the EU network via a phishing attack against diplomats in Cyprus, The New York Times reports MORE
Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “[link]. A live Paypal phishing site that uses [link] (has the green padlock). MORE
The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM. MORE
One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. One of more fascinating innovators in this space is 11-year-old DataLocker, based in Overland Park, Kansas. Related: How DataLocker got its start h. Co-founder Jay took a business trip to South Korea in the fall of 2007. MORE
A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S. MORE
Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. Image: USPS.com. KrebsOnSecurity was contacted last week by a researcher who discovered the problem, but who asked to remain anonymous. The researcher said he informed the USPS about his finding more than a year ago yet never received a response. MORE
Separately, a Water Utility Hit by Ryuk Ransomware Vows to Restore, Not Pay A tale of two different ransomware victims' responses: One Connecticut city says it had little choice but to pay a ransom to restore crypto-locked systems. But a North Carolina water utility hit separately says that rather than bow to criminals' demands, it will rebuild affected systems and databases MORE
All companies today are exposed to intense cyber-attacks. And yet the vast majority simply do not have the capability to effectively defend their networks. That’s where managed security services providers, or MSSPs, come in. MSSPs monitor and manage cybersecurity systems as a contracted service. This can include spam filtering, malware detection, firewalls upkeep, vulnerability management and more. Related: Delivering useful intel to MSSPs. Companies are gravitating to MSSPs in a big way. MORE
Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works. A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones. MORE
It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. MORE
Distributed denial of service (DDoS) attacks continue to erupt all across the Internet showing not the faintest hint of leveling off, much less declining, any time soon. Related video: How DDoS attacks leverage the Internet’s DNA. To the contrary, DDoS attacks appear to be scaling up and getting more sophisticated in lock step with digital transformation; DDoS attacks today are larger, more varied and come at the targeted website from so many more vectors than ever before. MORE
Fun fact: an estimated 75% of today’s content management solutions were installed before the year 2010 – meaning that most organizations are now depending upon systems that at best are dated, and at are worst dangerously close end-of-life. This being the case, you’d think that folks would be working hard to move their legacy content […]. The post Legacy Content Migration: Urgent Need is Largely Invisible appeared first on Holly Group. MORE
Privacy Breach Claims Are Rising, Says Thomas Clayton of Zurich Insurance Although the EU's General Data Protection Regulation only went into full effect on May 25, its mandatory privacy breach notifications are already having an effect on the cyber insurance marketplace, says Thomas Clayton of Zurich Insurance MORE
Cash-Out Malware Called 'Ploutus' Migrates North From Mexico U.S. Secret Service alert: For the first time, malware-using fraudsters have been draining U.S. ATMs of their cash via what's known as a jackpotting or cash-out attack. Two older models of ATMs made by Diebold Nixdorf appear to have been targeted MORE
179 
If you're going to commit an illegal act, it's best not to discuss it in e-mail. It's also best to Google tech instructions rather than asking someone else to do it: One new detail from the indictment, however, points to just how unsophisticated Manafort seems to have been. Here's the relevant passage from the indictment. I've bolded the most important bits: Manafort and Gates made numerous false and fraudulent representations to secure the loans. MORE
Multiple Failures' Cited as Watchdog Levies Maximum Possible Pre-GDPR Fine Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security MORE
Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly). MORE
KrebsOnSecurity recently had a chance to interview members of the REACT Task Force , a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. MORE
Ireland, France, Germany and UK Report Increases Since Privacy Law Took Effect The number of data breach reports filed since the EU General Data Protection Regulation went into effect has hit nearly 3,500 in Ireland, over 4,600 in Germany, 6,000 in France and 8,000 in the U.K. Regulators say more Europeans are also filing more complaints about organizations' data protection and privacy practices MORE
Today, on Perpective Check: The truth and consequences of your boss flipping through the pages of a magazine and saying, “I just read about [new shiny infogov object] that EVERYBODY’S using. How come we’re not??” link]. The post Management by Magazine (InfoGov Edition) appeared first on Holly Group. Information Management infogov information governance MORE
Firm to appeal decision by Berlin regional court which upholds complaints that users not given informed consent Facebook’s default privacy settings and use of personal data are against German consumer law, according to a judgement handed down by a Berlin regional court. The court found that Facebook collects and uses personal data without providing enough information to its members for them to render meaningful consent. MORE
With organizations around the world now deploying ever-increasing amounts of encryption solutions in an effort to ward off cybercrime, businesses are facing a combination of challenges. Whether it’s varying protection levels, differing operational techniques and policies, or juggling multiple keys, managing more than one encryption system can quickly turn into a complex web that demands time, expertise and money to manage effectively. MORE
Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card. MORE
One Answer Is Clear: Network Re-Routing Raises Suspicions For nearly 30 months, internet traffic going to Australian Department of Defense websites flowed through China Telecom data centers, an odd and suspicious path. Why the strange routing occurred is known. But the reasons why it persisted for so long aren't MORE
We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised. TO COMPANIES. MORE
‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here’s a quick refresher course on how to make it through the next few weeks without getting snookered online. MORE
Interesting research: " Long-term market implications of data breaches, not ," by Russell Lange and Eric W. Burger. Abstract : This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to the performance of the firms' peer industries, as represented through selected indices rather than the market as a whole. MORE
We are amidst a new "machine identity crisis," says Jeff Hudson, CEO of Venafi. And unless we tackle this growing challenge of how to secure machine-to-machine communication, then enterprise IT and security departments are likely to be overwhelmed MORE
Krebs on Security
SEPTEMBER 21, 2018
It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history.
Thales Cloud Protection & Licensing
FEBRUARY 9, 2018
With organizations around the world now deploying ever-increasing amounts of encryption solutions in an effort to ward off cybercrime, businesses are facing a combination of challenges. Whether it’s varying protection levels, differing operational techniques and policies, or juggling multiple keys, managing more than one encryption system can quickly turn into a complex web that demands time, expertise and money to manage effectively.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Weissman's World
MAY 25, 2018
Fun fact: an estimated 75% of today’s content management solutions were installed before the year 2010 – meaning that most organizations are now depending upon systems that at best are dated, and at are worst dangerously close end-of-life. This being the case, you’d think that folks would be working hard to move their legacy content […]. The post Legacy Content Migration: Urgent Need is Largely Invisible appeared first on Holly Group.
Data Breach Today
DECEMBER 19, 2018
Ireland, France, Germany and UK Report Increases Since Privacy Law Took Effect The number of data breach reports filed since the EU General Data Protection Regulation went into effect has hit nearly 3,500 in Ireland, over 4,600 in Germany, 6,000 in France and 8,000 in the U.K. Regulators say more Europeans are also filing more complaints about organizations' data protection and privacy practices
Advertiser: ZoomInfo
For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.
Schneier on Security
JANUARY 19, 2018
Interesting research: " Long-term market implications of data breaches, not ," by Russell Lange and Eric W. Burger. Abstract : This report assesses the impact disclosure of data breaches has on the total returns and volatility of the affected companies' stock, with a focus on the results relative to the performance of the firms' peer industries, as represented through selected indices rather than the market as a whole.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
AUGUST 27, 2018
Distributed denial of service (DDoS) attacks continue to erupt all across the Internet showing not the faintest hint of leveling off, much less declining, any time soon. Related video: How DDoS attacks leverage the Internet’s DNA. To the contrary, DDoS attacks appear to be scaling up and getting more sophisticated in lock step with digital transformation; DDoS attacks today are larger, more varied and come at the targeted website from so many more vectors than ever before.
The Guardian Data Protection
FEBRUARY 12, 2018
Firm to appeal decision by Berlin regional court which upholds complaints that users not given informed consent Facebook’s default privacy settings and use of personal data are against German consumer law, according to a judgement handed down by a Berlin regional court. The court found that Facebook collects and uses personal data without providing enough information to its members for them to render meaningful consent.
Data Breach Today
JANUARY 16, 2018
We are amidst a new "machine identity crisis," says Jeff Hudson, CEO of Venafi. And unless we tackle this growing challenge of how to secure machine-to-machine communication, then enterprise IT and security departments are likely to be overwhelmed
Krebs on Security
OCTOBER 1, 2018
Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).
Advertiser: Datadog
Run mission-critical applications on serverless without sacrificing visibility.
Krebs on Security
NOVEMBER 7, 2018
A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S.
Krebs on Security
DECEMBER 1, 2018
We don’t yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised. TO COMPANIES.
Krebs on Security
NOVEMBER 23, 2018
‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here’s a quick refresher course on how to make it through the next few weeks without getting snookered online.
Weissman's World
JANUARY 15, 2018
Today, on Perpective Check: The truth and consequences of your boss flipping through the pages of a magazine and saying, “I just read about [new shiny infogov object] that EVERYBODY’S using. How come we’re not??” link]. The post Management by Magazine (InfoGov Edition) appeared first on Holly Group. Information Management infogov information governance
Advertisement
PostgreSQL is one of the most successful open source projects in existence. But each year it becomes harder and harder to get familiarized with the PostgreSQL ecosystem and its new features. Learn 10 rules that will help you perfect your PostgreSQL installation.
Krebs on Security
NOVEMBER 21, 2018
Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. Image: USPS.com. KrebsOnSecurity was contacted last week by a researcher who discovered the problem, but who asked to remain anonymous. The researcher said he informed the USPS about his finding more than a year ago yet never received a response.
Schneier on Security
FEBRUARY 26, 2018
If you're going to commit an illegal act, it's best not to discuss it in e-mail. It's also best to Google tech instructions rather than asking someone else to do it: One new detail from the indictment, however, points to just how unsophisticated Manafort seems to have been. Here's the relevant passage from the indictment. I've bolded the most important bits: Manafort and Gates made numerous false and fraudulent representations to secure the loans.
Data Breach Today
NOVEMBER 7, 2018
Privacy Breach Claims Are Rising, Says Thomas Clayton of Zurich Insurance Although the EU's General Data Protection Regulation only went into full effect on May 25, its mandatory privacy breach notifications are already having an effect on the cyber insurance marketplace, says Thomas Clayton of Zurich Insurance
The Last Watchdog
JULY 30, 2018
One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. One of more fascinating innovators in this space is 11-year-old DataLocker, based in Overland Park, Kansas. Related: How DataLocker got its start h. Co-founder Jay took a business trip to South Korea in the fall of 2007.
Advertisement
This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.
Data Breach Today
OCTOBER 22, 2018
Separately, a Water Utility Hit by Ryuk Ransomware Vows to Restore, Not Pay A tale of two different ransomware victims' responses: One Connecticut city says it had little choice but to pay a ransom to restore crypto-locked systems. But a North Carolina water utility hit separately says that rather than bow to criminals' demands, it will rebuild affected systems and databases
Data Breach Today
NOVEMBER 21, 2018
One Answer Is Clear: Network Re-Routing Raises Suspicions For nearly 30 months, internet traffic going to Australian Department of Defense websites flowed through China Telecom data centers, an odd and suspicious path. Why the strange routing occurred is known. But the reasons why it persisted for so long aren't
Data Breach Today
DECEMBER 19, 2018
Phishing Attack Against Cyprus Stole Access Passwords, New York Times Reports For the past three years, hackers have been intercepting sensitive diplomatic cables sent between EU member states after stealing passwords for accessing the EU network via a phishing attack against diplomats in Cyprus, The New York Times reports
Krebs on Security
NOVEMBER 6, 2018
KrebsOnSecurity recently had a chance to interview members of the REACT Task Force , a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.
Advertiser: ZoomInfo
What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.
Krebs on Security
NOVEMBER 2, 2018
Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works. A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones.
Krebs on Security
SEPTEMBER 17, 2018
Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.
Data Breach Today
JANUARY 29, 2018
Cash-Out Malware Called 'Ploutus' Migrates North From Mexico U.S. Secret Service alert: For the first time, malware-using fraudsters have been draining U.S. ATMs of their cash via what's known as a jackpotting or cash-out attack. Two older models of ATMs made by Diebold Nixdorf appear to have been targeted
Data Breach Today
SEPTEMBER 20, 2018
Multiple Failures' Cited as Watchdog Levies Maximum Possible Pre-GDPR Fine Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security
Advertiser: Datadog
In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).
Krebs on Security
SEPTEMBER 27, 2018
The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM.
Data Breach Today
OCTOBER 2, 2018
Victims Need 'Single Sign-Off' in This Age of Hyper-Connected Services and Apps While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps
The Last Watchdog
SEPTEMBER 6, 2018
All companies today are exposed to intense cyber-attacks. And yet the vast majority simply do not have the capability to effectively defend their networks. That’s where managed security services providers, or MSSPs, come in. MSSPs monitor and manage cybersecurity systems as a contracted service. This can include spam filtering, malware detection, firewalls upkeep, vulnerability management and more. Related: Delivering useful intel to MSSPs. Companies are gravitating to MSSPs in a big way.
Let's personalize your content