2019

MY TAKE: What everyone should know about the promise and pitfalls of the Internet of Things

The Last Watchdog

115
115

Dark Patterns: How Weaponized Usability Hurts Users

Data Breach Today

166
166
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Managed Attribution Threat Modeling

Adam Shostack

The more I learn about threat modeling, the more I think the toughest part is how we answer the question: “What can go wrong?” ” Perhaps that’s “finding threats.” ” Maybe it’s “discovering” or “eliciting” them. Maybe it’s analogizing from threats we know about. I’m not yet even sure what to call it. But what it does for us is valuable.

IT 62

What Is Single Sign-On, and How Can It Make Your Enterprise More Secure?

eSecurity Planet

We define single sign-on and how SSO solutions can be implemented to make your organization more secure

IT 48

100 Pipeline Plays: The Modern Sales Playbook

For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.

Innovation Lab: The Role of Blockchain in Information Governance

Everteam

Something is exciting about diving into innovative technology and figuring out how it can improve the way you do business. The blockchain is one of those technologies and in the information management world there are some interesting ways it is helping increase data security, accountability, and transparency. Blockchain – just the basics. With many resources out there that define and describe blockchain, I’m not going to spend a lot of time defining it.

More Trending

A Shortage in Common Sense: The Myth of the Talent Gap

The Falcon's View

I have a visceral reaction every time I encounter yet another article bemoaning the so-called "talent gap" or "labor gap" in cybersecurity. Having been in and out of the job market several times over the past decade (for better and, more often, for worse), I can honestly say this is utter nonsense.

Why Personal Data Privacy Needs a Customer-centric Focus

Collibra

When it comes to personal data privacy, it can be hard to see the forest for the trees. Headlines and social media are dominated by data breaches, resulting in both reputational and financial loss. Meanwhile, organizations are panicked about complying with the latest regulation deadline. In all of this, the customer’s relationship with both personal data privacy and the organization itself can get lost.

Forced Password Reset? Check Your Assumptions

Krebs on Security

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

“All we know is MONEY! Hurry up! Tik Tak, Tik Tak, Tik Tak!” This is an excerpt from a chilling ransom note Baltimore IT officials received from hackers who managed to lock up most of the city’s servers in May. The attackers demanded $76,000, paid in Bitcoin, for a decryption key. Baltimore refused to pay – choosing, instead, to absorb an estimated $18 million in recovery costs.

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Malware Most Foul: Emotet, Trickbot, Cryptocurrency Miners

Data Breach Today

Researchers: Targeted Crime Attacks Surge, Continue to Blend With Nation-State Campaigns Banking Trojans and cryptocurrency mining malware continue to be among the most-seen types of malicious code used for nontargeted attacks. But cybercrime attackers are increasingly running targeted campaigns, security researchers warn

Mining 158

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

Krebs on Security

A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States.

Mixcloud Breach Affects 21 Million Accounts

Data Breach Today

Hashed Passwords Were Leaked; No Financial Data Exposed Digital streaming platform Mixcloud says it is the victim of a data breach after an attacker shared personal data for registered users with several media outlets, including Vice and ZDNet.

Sales 245

It’s Way Too Easy to Get a.gov Domain Name

Krebs on Security

Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a.gov domain versus a commercial one ending in.com or.org.

IT 231

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Target Sues Insurer Over 2013 Data Breach Costs

Data Breach Today

Lawsuit Claims Insurer Owes Retailer for Coverage of Card Replacement Costs Target has filed a lawsuit against its long-time insurer, ACE American Insurance Co., in an attempt to recoup money it spent to replace payment cards as part of settlements over the retailer's massive 2013 data breach.

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains

Krebs on Security

On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards.

Sales 223

Hidden Cam Above Bluetooth Pump Skimmer

Krebs on Security

Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I’d never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices.

Sales 220

NY Payroll Company Vanishes With $35 Million

Krebs on Security

MyPayrollHR , a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

Neo-Nazi SWATters Target Dozens of Journalists

Krebs on Security

Nearly three dozen journalists at a broad range of major publications have been targeted by a far-right group that maintains a Deep Web database listing the personal information of people who threaten their views. This group specializes in encouraging others to harass those targeted by their ire, and has claimed responsibility for dozens of bomb threats and “swatting” incidents, where police are tricked into visiting potentially deadly force on the target’s address.

Legal Threats Make Powerful Phishing Lures

Krebs on Security

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

The Last Watchdog

A couple of high-profile distributed denial-of-service (DDoS) attacks will surely go down in history as watershed events – each for different reasons. Related: IoT botnets now available for economical DDoS blasts. In March 2013, several impossibly massive waves of nuisance requests – peaking as high as 300 gigabytes per second— swamped Spamhaus , knocking the anti-spam organization off line for extended periods.

IoT 159

Crime Gang Advertises Stolen 'Anti-Virus Source Code'

Data Breach Today

Researchers: 'Fxmsp' Russian Hacking Collective Exploits Victims Via RDP and Active Directory The "Fxmsp" hacker collective has been advertising source code that it claims to have stolen from three top U.S. anti-virus software development firms, as well as remote access to the companies' neworks, warns fraud-prevention firm Advanced Intelligence

Access 214

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

Apple Phone Phishing Scams Getting Better

Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company.

Ransomware Attackers Leak Stolen Data

Data Breach Today

Maze Crew Reportedly Threatens to Release More of Allied Universal's Data Unless Ransom Paid Ransomware attacks have taken an unwelcome turn: The Maze gang reportedly has begun leaking a victim's files to create pressure to pay a ransom.

How Not to Acknowledge a Data Breach

Krebs on Security

I’m not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach. But occasionally I feel obligated to publish such accounts when companies respond to a breach report in such a way that it’s crystal clear they wouldn’t know what to do with a data breach if it bit them in the nose, let alone festered unmolested in some dark corner of their operations.

Facebook Marketplace Flaw Revealed Seller's Exact Location

Data Breach Today

Privacy Peril: Thieves Use Location Data to 'Shop' for High-Value Items Facebook has fixed a security vulnerability in its digital marketplace that could have been abused to identify the precise location of a seller, and by extension, their goods. Police warn that thieves regularly trawl location data to find the owners and locations of high-value items

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Cisco Studies Global Impact of GDPR

Data Breach Today

Cisco is out with findings from its 2019 Data Privacy Benchmark Study, which shows the impact of GDPR compliance as well as how customers are asking more questions about how their data is secured. Cisco Chief Privacy Officer Michelle Dennedy analyzes the survey

GDPR 208

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

Krebs on Security

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. NYSE:FAF ] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.

Millions of Facebook Records Found Unsecured on AWS

Data Breach Today

Third-Party Apps Left Facebook Users' Data Accessible in the Cloud Two third-party Facebook application developers exposed users' personal information by leaving the data exposed without a password in unsecured Amazon Web Services S3 buckets, researchers from UpGuard say. One data set contained 540 million unsecured records, the report found