MY TAKE: What everyone should know about the promise and pitfalls of the Internet of Things
The Last Watchdog
SEPTEMBER 19, 2019
2019
201 
Join 55,000+
Insiders
Sign Up for our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Managed Attribution Threat Modeling
Adam Shostack
NOVEMBER 13, 2019
The more I learn about threat modeling, the more I think the toughest part is how we answer the question: “What can go wrong?” Perhaps that’s “finding threats.” Maybe it’s “discovering” or “eliciting” them. Maybe it’s analogizing from threats we know about. I’m not yet even sure what to call it.
What Is Single Sign-On, and How Can It Make Your Enterprise More Secure?
eSecurity Planet
MARCH 15, 2019
We define single sign-on and how SSO solutions can be implemented to make your organization more secure.
Automation, Evolved: Your New Playbook For Smarter Knowledge Work
Speaker: Frank Taliano
Document-heavy workflows slow down productivity, bury institutional knowledge, and drain resources. But with the right AI implementation, these inefficiencies become opportunities for transformation. So how do you identify where to start and how to succeed? Learn how to develop a clear, practical roadmap for leveraging AI to streamline processes, automate knowledge work, and unlock real operational gains.
Innovation Lab: The Role of Blockchain in Information Governance
Everteam
FEBRUARY 27, 2019
Something is exciting about diving into innovative technology and figuring out how it can improve the way you do business. The blockchain is one of those technologies and in the information management world there are some interesting ways it is helping increase data security, accountability, and transparency. Blockchain – just the basics. With many resources out there that define and describe blockchain, I’m not going to spend a lot of time defining it.
Sign up to get articles personalized to your interests!
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
More Trending
A Shortage in Common Sense: The Myth of the Talent Gap
The Falcon's View
JANUARY 28, 2019
I have a visceral reaction every time I encounter yet another article bemoaning the so-called "talent gap" or "labor gap" in cybersecurity. Having been in and out of the job market several times over the past decade (for better and, more often, for worse), I can honestly say this is utter nonsense. The roots of this clamor began more than a decade ago in DC as federal agencies grappled with modernizing, making use of the annual Sept/Oct budget season to decry how poor and helpless they were in o
Why Personal Data Privacy Needs a Customer-centric Focus
Collibra
MAY 1, 2019
When it comes to personal data privacy, it can be hard to see the forest for the trees. Headlines and social media are dominated by data breaches, resulting in both reputational and financial loss. Meanwhile, organizations are panicked about complying with the latest regulation deadline. In all of this, the customer’s relationship with both personal data privacy and the organization itself can get lost.
MY TAKE: A primer on how ransomware arose to the become an enduring scourge
The Last Watchdog
AUGUST 15, 2019
“All we know is MONEY! Hurry up! Tik Tak, Tik Tak, Tik Tak!” This is an excerpt from a chilling ransom note Baltimore IT officials received from hackers who managed to lock up most of the city’s servers in May. The attackers demanded $76,000, paid in Bitcoin, for a decryption key. Baltimore refused to pay – choosing, instead, to absorb an estimated $18 million in recovery costs.
State of AI in Sales & Marketing 2025
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Malware Most Foul: Emotet, Trickbot, Cryptocurrency Miners
Data Breach Today
OCTOBER 4, 2019
Researchers: Targeted Crime Attacks Surge, Continue to Blend With Nation-State Campaigns Banking Trojans and cryptocurrency mining malware continue to be among the most-seen types of malicious code used for nontargeted attacks. But cybercrime attackers are increasingly running targeted campaigns, security researchers warn.
Google warned 12K+ users targeted by state-sponsored hackers
Security Affairs
DECEMBER 1, 2019
Google revealed that over 12,000 of its users were targeted by state-sponsored hackers in the third quarter of this year. Google’s Threat Analysis Group (TAG) revealed that it has detected and blocked attacks carried out by nation-state actors on 12,000 of its users in the third quarter of this year. Over 90 percent of the users identified by Google were targeted via “credential phishing emails” that attempt to trick victims into providing their password or other account credentials to hij
This Alleged Bitcoin Scam Looked a Lot Like a Pyramid Scheme
WIRED Threat Level
DECEMBER 10, 2019
Five men face federal charges of bilking investors of $722 million by inviting them to buy shares in bitcoin mining pools. .
Microsoft warns of Dexphot miner, an interesting polymorphic threat
Security Affairs
NOVEMBER 26, 2019
Microsoft revealed that the new Dexphot cryptocurrency miner has already infected more than 80,000 computers worldwide. Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. The malicious code abuse of the resources of the infected machine to mine cryptocurrency , according to the experts it has already infected 80,000 computers worldwide.
How to Achieve High-Accuracy Results When Using LLMs
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts
Security Affairs
NOVEMBER 26, 2019
Some third-party apps quietly scraped personal information from people’s accounts from Twitter and Facebook, the social media companies claim. Facebook and Twitter revealed that some third-party apps quietly scraped personal information from people’s accounts without their consent. According to the company, the cause of behavior that violates their policies is a couple of “malicious” software development kits (SDKs) used by the third-party iOS and Android apps.
Clop Ransomware attempts to disable Windows Defender and Malwarebytes
Security Affairs
DECEMBER 2, 2019
Experts discovered a new malware dubbed Clop ransomware that attempts to remove Malwarebytes and other security products. Security researcher Vitali Kremez discovered a new malware dubbed Clop ransomware that targets Windows systems and attempts to disable security products running on the infected systems. The malicious code executes a small program, just before starting the encryption process, to disable security tools running on the infected systems that could detect its operations.
ENISA publishes a Threat Landscape for 5G Networks
Security Affairs
NOVEMBER 21, 2019
ENISA, the European Union Agency for Cybersecurity publishes a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). ENISA with the support of the Member States, the European Commission and an Expert Group, published an extensive report on threats relating to 5G networks. An EU-wide Coordinated Risk Assessment of 5G networks has been published on the 9 th October 2019.
A Ransomware infected the network of the cybersecurity firm Prosegur
Security Affairs
NOVEMBER 28, 2019
A piece of the Ryuk Ransomware infected the network of the multinational cybersecurity firm Prosegur, forcing the company to shut down it. The Spanish multinational security company Prosegur announced that it was of a ransomware attack that disrupted its telecommunication platform. Comunicado sobre incidencia de seguridad informática pic.twitter.com/TMdOJzkFCB — Prosegur (@Prosegur) November 27, 2019.
Zero Trust Mandate: The Realities, Requirements and Roadmap
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Kaspersky found dozens of flaws in 4 open-source VNC software
Security Affairs
NOVEMBER 23, 2019
Kaspersky researchers found dozens of flaws in four popular open-source virtual network computing (VNC) systems. Experts from Kaspersky analyzed several different implementations of a remote access system called Virtual Network Computing (VNC) and identified a number of memory corruption vulnerabilities. Some of the vulnerabilities found by the experts could lead to remote code execution.
It’s Way Too Easy to Get a.gov Domain Name
Krebs on Security
NOVEMBER 26, 2019
Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a.gov domain versus a commercial one ending in.com or.org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own.gov domain.
PoC exploit code for Apache Solr RCE flaw is available online
Security Affairs
NOVEMBER 25, 2019
Over the summer, the Apache Solr team addressed a remote code execution flaw, not a working exploit code was published online. The bug addressed by the Apache Solr team fixed over the summer is more dangerous than initially thought. Apache Solr is a highly reliable, scalable and fault-tolerant, open-source search engine written in Java. Solr is highly reliable, scalable and fault-tolerant, providing distributed indexing, replication and load-balanced querying, automated failover and recovery, ce
TrueDialog database leaked online tens of millions of SMS text messages
Security Affairs
DECEMBER 1, 2019
Millions of SMS messages have been leaked by a database run by TrueDialog, a business SMS provider for businesses and higher education providers. Security experts at vpnMentor discovered a database belonging to the US communications company, TrueDialog that was leaking millions of SMS messages. Most of the SMS included in the database were sent by businesses to potential customers.
Prevent Data Breaches With Zero-Trust Enterprise Password Management
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Twitter allows users to use 2FA without a phone number
Security Affairs
NOVEMBER 24, 2019
Twitter announced that its users can protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Twitter is going to allow its users to protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. 2FA is already implemented on Twitter, currently, the users of the popular social network could use it with their mobile phone.
Some Fortinet products used hardcoded keys and weak encryption for communications
Security Affairs
NOVEMBER 26, 2019
Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR” with a static key) and cryptographic keys to communicate with the FortiGuard Web Filter, AntiSpam and AntiVirus cloud services.
Dutch National Cyber Security Centre warns ransomware infected thousands of businesses
Security Affairs
NOVEMBER 28, 2019
According to a confidential report from the Dutch National Cyber Security Centre (NCSC), at least 1,800 companies were infected with 3 ransomware. A confidential report published by the Dutch National Cyber Security Centre (NCSC) revealed that at least 1,800 companies are affected by three strain s of ransomware across the world. According to the report, the three ransomware LockerGoga , MegaCortex , and Ryuk ) involved in the attacks were sharing the same infrastructure.
Hidden Cam Above Bluetooth Pump Skimmer
Krebs on Security
NOVEMBER 25, 2019
Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I’d never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices. Apparently, I’m not alone. “I believe this is the first time I’ve seen a camera on a gas pump with a Bluetooth card skimmer,” said Detective Matt Jogodka of the Las Vegas Police Departm
Optimizing The Modern Developer Experience with Coder
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Data of 21 million Mixcloud users available for sale on the dark web
Security Affairs
DECEMBER 1, 2019
The online music streaming service Mixcloud was recently breached by a hacker that is attempting to sell stolen user data a dark web marketplace. On Friday, the hacker that goes online with the handle “A_W_S” contacted multiple media outlets to disclose the hack, it also provided data samples as proof of the data breach. The hack took place in early November and exposed data for more than 20 million user accounts.
Great Plains center hit by ransomware attack
Security Affairs
NOVEMBER 29, 2019
A few days ago the Great Plains center was hit by a ransomware attack that forced its staff to to pen and paper. A few days ago the Great Plains Health medical center was hit by a ransomware attack that forced its staff to switch to pen and paper.A few days ago the Great Plains center was hit by a ransomware attack that forced its staff to to pen and paper.
Experts discovered control systems for aircraft warning lights open online
Security Affairs
NOVEMBER 26, 2019
Aircraft warning lights, an essential component of the aviation infrastructure, but they pose a serious risk if controlled by hackers. The independent researcher Amitay Dan discovered that control panels for aircraft warning lights were exposed to the Internet, potentially allowing attackers to control them with unpredictable and catastrophic consequences.
Let's personalize your content