January, 2020

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password.

Alarming Trend: More Ransomware Gangs Exfiltrating Data

Data Breach Today

Criminals Increasingly Leak Stolen Data to Force Bitcoin Payoff As if ransomware wasn't already bad enough, more gangs are now exfiltrating data from victims before leaving systems crypto-locked.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

MY TAKE: Why we should all now focus on restoring stability to US-Iran relations

The Last Watchdog

As tensions escalate between the U.S. and Iran it’s vital not to lose sight of how we arrived at this point. Related: We’re in the golden age of cyber spying Mainstream news outlets are hyper focused on the events of the past six days. A Dec.

Half a Million IoT Device Passwords Published

Schneier on Security

It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

US-based children’s clothing maker Hanna Andersson discloses a data breach

Security Affairs

The US-based children’s clothing maker Hanna Andersson has disclosed a data breach that affected its customers. The US-based children’s clothing maker and online retailer Hanna Andersson discloses a data breach, attackers planted an e-skimmer on its e-commerce platform.

More Trending

Patch Tuesday, January 2020 Edition

Krebs on Security

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency.

Hackers Target European Energy Firm: Researchers

Data Breach Today

Report Says Group Tied to Iran Could Be Involved Hackers who may have ties to Iran have recently turned their attention to the European energy sector, using open source tools to target one firm's network as part of an cyberespionage operation, according to the security firm Recorded Future

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

The Last Watchdog

Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of numerous potential liability hits associated specifically with IT infrastructure and IT activities.

Technical Report of the Bezos Phone Hack

Schneier on Security

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Authorities arrest 3 Indonesian hackers behind many Magecart attacks

Security Affairs

The Indonesian National Police and the Interpol announced the arrest of three Indonesian hackers who carried out Magecart attacks.

The Doomsday Clock Moves Closer Than Ever to Midnight

WIRED Threat Level

Since the advent of the clock—even during the peak years of the Cold War—the minute hand has never advanced past the 11:58 mark. Security Security / Security News

Does Your Domain Have a Registry Lock?

Krebs on Security

If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it.

Windows 7: Microsoft Ceases Free Security Updates

Data Breach Today

Security Experts Recommend Holdouts Review Their IT Strategy and Cloud Options Microsoft has ceased offering free security updates for its Windows 7 operating system, as well as Windows Server 2008 and 2008 R2.

Cloud 201

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Weekly Update 175

Troy Hunt

Alright, let me get this off my chest first - I've totally lost it with these bloody Instamics. I've had heaps of dramas in the past with recordings being lost and the first time I do a 3-person weekly update only 2 of them recorded (mine being the exception).

Top 10 Data Governance Trends for 2020: Data’s Real Value Comes Into Focus

erwin

Understanding the data governance trends for the year ahead will give business leaders and data professionals a competitive edge … Happy New Year! Regulatory compliance and data breaches have driven the data governance narrative during the past few years.

City of Potsdam offline following a cyberattack

Security Affairs

The City of Potsdam suffered a major cyberattack that took down its servers earlier this week, but emergency services were not impacted.

Windows 10 Has a Security Flaw So Severe the NSA Disclosed It

WIRED Threat Level

In a shift toward transparency, the National Security Agency announced a bug that could have left over 900 million PCs vulnerable to attack. Security Security / Cyberattacks and Hacks

IT 87

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network.

Analysis: Threat Posed by Pro-Iranian Hackers

Data Breach Today

Wiper Malware, Bank Disruptions Feature in Iran's Asymmetric Hacking Playbook Launching online attacks remains a potent tool in the Iranian government's geopolitical playbook. Security experts are urging U.S.

Friday Squid Blogging: More on the Giant Squid's DNA

Schneier on Security

Following on from last week's post , here's more information on sequencing the DNA of the giant squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. squid

5 Ways Data Modeling Is Critical to Data Governance

erwin

Enterprises are trying to manage data chaos. They might have 300 applications, with 50 different databases and a different schema for each one.

NIST releases version 1.0 of the Privacy Framework

Security Affairs

The NIST released version 1.0 of Privacy Framework, it is a tool designed to help organizations to manage privacy risks. The National Institute of Standards and Technology (NIST) has published the release version 1.0 of its privacy framework.

Risk 95

HSMs: Facilitating Key Management in a Hybrid Cloud Environment

Thales eSecurity

Organizations are actively working to prevent data breaches by encrypting their sensitive information. Encryption isn’t a foolproof security measure, however.

ROT 83

Apple Addresses iPhone 11 Location Privacy Concern

Krebs on Security

Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month. Beta versions of iOS 13.3.1

Hackers Increasingly Probe North American Power Grid

Data Breach Today

But Electric Sector, Driven by Regulators, Has Been Adapting, Experts Say Hackers have been increasingly probing the North American power grid for weaknesses, but the industry - driven in part by regulators - is increasingly able to identify and repel attackers, industrial cybersecurity experts say

5G Security

Schneier on Security

The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access.

Everything We Know About the Jeff Bezos Phone Hack

WIRED Threat Level

A UN report links the attack on Jeff Bezos' iPhone X directly to Saudi Arabian Crown Prince Mohammed bin Salman. Security Security / Cyberattacks and Hacks

Mitsubishi Electric discloses data breach, media blame China-linked APT

Security Affairs

Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate information. Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data.

Speaking of: The Paper Clip’s Digital Equivalent

Weissman's World

In the physical world, paper clips are an important source of context, as their use suggests that the pieces of paper they clip together are somehow related. But what is their digital equivalent? And what does this mean in terms of identifying how many documents those pieces of paper represent, the relative importance of the […]. The post Speaking of: The Paper Clip’s Digital Equivalent appeared first on Holly Group. governance metadata infogov information management

Paper 120

Phishing for Apples, Bobbing for Links

Krebs on Security

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted.