Security Affairs newsletter Round 298

Security Affairs

Every week the best security articles from Security Affairs free for you in your email box. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. The post Security Affairs newsletter Round 298 appeared first on Security Affairs.

Heathrow Airport fined £120,000 for data breach

IT Governance

The ICO (Information Commissioner’s Office) has fined Heathrow Airport £120,000 for failing to secure sensitive personal data after a member of the public found an unencrypted USB stick containing data about the airport’s staff. Newspaper reports claim that the USB stick was found in London on 16 October 2017, and that the person who found the stick viewed the contents on a library computer before passing it to the Sunday Mirror.

Guest Blog: TalkingTrust. What’s driving the security of IoT?

Thales Cloud Protection & Licensing

What’s driving the security of IoT? The Urgency for Security in a Connected World. Imagine a world where the retail value of your car actually grows over time – that’s now becoming a reality. Device Security is Hard. Security isn’t static. Securing the IoT Stack.

Crafty Web Skimming Domain Spoofs “https”

Krebs on Security

In a Twitter post by security researcher and blogger Denis Sinegubko, the autocapital domain acts as a collector of data hoovered up by the http[.]ps

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

Machine learning algorithms are already being used in transportation to ease road congestion, in healthcare to spot medical errors and improve patient care and in retail to improve the customer shopping experience. The Chrome team, I think there's 38 people just on the security team.

Breaking the Ice on DICE: scaling secure Internet of Things Identities

The Security Ledger

In this Spotlight Podcast, sponsored by Trusted Computing Group*, Dennis Mattoon of Microsoft Research gives us the low-down on DICE: the Device Identifier Composition Engine Architectures, which provides a means of solving a range of security and identity problems on low cost, low power IoT endpoints. Secure identities are the foundation of secure ecosystems. At the risk of oversimplifying: without a foundation of strong identity, there can be no real security.

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

Machine learning algorithms are already being used in transportation to ease road congestion, in healthcare to spot medical errors and improve patient care and in retail to improve the customer shopping experience. But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? We're saying it's not enough to check security at the end.

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

The Commons FileUpload library is the default file upload mechanism in Struts 2; CVE-2016-1000031 was discovered two years ago by experts at Tenable. The flaw also affected the Financial Services Analytical Applications Infrastructure, the Fusion Middleware MapViewer, and four three Oracle Retail components.

Nodersok malware delivery campaign relies on advanced techniques

Security Affairs

About 3% of the infected systems belong to organizations in different sectors, including education, professional services, healthcare, finance, and retail. One of the second-stage instances of PowerShell downloads the legitimate node.exe tool, while another drops WinDivert packet capture library components.

List of data breaches and cyber attacks in April 2021 – 1 billion records breached

IT Governance

It was another busy month in the cyber security sector, as we discovered 143 incidents that resulted in 1,098,897,134 breached records.

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

“Government assesses that HIDDEN COBRA actors will continue to use FASTCash tactics to target retail payment systems vulnerable to remote exploitation.” “HIDDEN COBRA actors most likely deployed ISO 8583 libraries on the targeted switch application servers. Malicious threat actors use these libraries to help interpret financial request messages and properly construct fraudulent financial response messages.”

FIN6 recently expanded operations to target eCommerce sites

Security Affairs

The FIN6 group has been active since 2015; past attacks were focused on point-of-sale (POS) machines used by retailers and companies in the hospitality sector in the U.S. In the campaign investigated by the experts, the attackers used the backdoor to download a signed binary loader and a signed Dynamic Link Library (DLL) that create a reverse shell and connect to a remote host.

List of data breaches and cyber attacks in November 2020 – 586 million records breached

IT Governance

We recorded 103 cyber security incidents in November, which accounted for 586,771,602 leaked records. The majority of those came from a credential-stuffing attack targeting Spotify and a data leak at the messaging app GO SMS Pro, which you can learn more about below.

ATMitch: New Evidence Spotted In The Wild

Security Affairs

In fact, the “fwmain32” process is part of the software services produced by Wincor Nixdorf International GmbH, one of the major vendors providing retail and banking hardware such as ATMs. This library provides access to the eXtension for Financial Service (XFS) API, the communication interface needed to interact with ATM components such as the PIN pad and cash dispenser. Figure 5: “msxfs.dll”, library required by malware to communicate with ATM device.

List of data breaches and cyber attacks in May 2021 – 116 million records breached

IT Governance

If you find yourself facing a cyber security disaster, IT Governance is here to help. For the second month in a row, ransomware has dominated our list of data breaches and cyber attacks.

Calculating the Benefits of the Advanced Encryption Standard

Schneier on Security

The economic sectors represented by ten or more survey respondents include the following: agriculture; construction; manufacturing; retail trade; transportation and warehousing; information; real estate rental and leasing; professional, scientific, and technical services; management services; waste management; educational services; and arts and entertainment. Still, I like seeing this kind of analysis about security infrastructure.

Florida Man Arrested in SIM Swap Conspiracy

Krebs on Security

The following month, Michigan authorities found the same individual accessing personal consumer data via public Wi-Fi at a local library, and seized 45 SIM cards, a laptop and a Trezor wallet — a hardware device designed to store cryptocurrency account data. But these precautions may serve as little protection against crooked insiders working at mobile phone retail locations.

The Sainsbury Archive chooses Preservica to create new cloud-based digital archive

Preservica

Preservica’s active digital preservation platform selected to future-proof unique digital assets that document nearly 150 years of corporate, brand and retail history. It is expected to create around 65 TB of information, and therefore felt it was important to ensure its unique digital material could be safely stored and future-proofed, using a secure cloud-hosted preservation and access platform.

The John Lewis Partnership creates new cloud-based business archive with Preservica

Preservica

Oxford, UK and Boston, MA: April 11 2018: The John Lewis Partnership, one of the UK’s leading retail businesses, has selected digital preservation specialist Preservica to build a secure cloud-based business archive. In particular, securing digital access to the valuable collection of designs used on textiles, clothing, greeting cards and other merchandise will play an important role for the product design teams, who use them to inspire new products and maintain brand integrity.

Types of Malware & Best Malware Protection Practices

eSecurity Planet

Rogue security software. Architect a premium network security model like SASE that encompasses SD-WAN, CASB, secure web gateways, ZTNA, FWaaS, and microsegmentation. Experts say the best defense is a multi-pronged network security strategy that includes a firewall, anti-malware software, network monitoring, intrusion detection and prevention (IDPS), and data protection. Since 2008, RAM scraping has been a boon for retailers. Rogue Security Software.

Cross-Post from Out of the Stacks: How to Convert Your Home Movie Tapes to Digital

The Texas Record

The Talking Book Program, the Library Development Network and the State Librarian himself, Mark Smith, all use the blog format to communicate with the people and agencies who rely on us. One of the most delightful things about working for TSLAC is our bounty of agency-maintained blogs.

Why You Need A VPN

Cyber Info Veritas

A virtual private network, VPN for short, is an internet security system that allows you, the user, to send data over the internet safely and securely, and in the case of some VPN platforms, secretly, over a private network. For instance, although users in other countries pay the same Netflix fee paid by users in the United States, Netflix users in the United States have a larger library of shows.

The Hacker Mind: Hacking IoT

ForAllSecure

It seems everything smart is hackable, with IoT startups sometimes repeating security mistakes first made decades ago. How then does one start securing it? Calderon: Paulino Calderon, I'm a senior application security consultant with Websec.

What Are My Photos Revealing About Me? You may be accidentally sharing personal information in your photos (an important Guest Post)

Architect Security

Tools and techniques that were once available only to intelligence agencies to collect “open source intelligence” (known as OSINT in national security parlance) are now available to amateur sleuths. But concerns about this tool being used outside of law enforcement have grown with recent revelations showing that the company has been allowing others to try its technology, including big retail chains, schools, casinos, and even some individual investors and clients.