Sat. Jan 19, 2019 - Fri. Jan 25, 2019

France Hits Google with $57 Million GDPR Fine

Data Breach Today

Record Privacy Fine Sends Strong Signal to Data-Processing Technology Companies. France has hit Google with a 50 million euro ($57 million) fine for violating the EU's General Data Protection Regulation.

How the U.S. Govt. Shutdown Harms Security

Krebs on Security

The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents.

MY TAKE: US cyber adversaries take cue from shutdown to accelerate malware deployment

The Last Watchdog

One profound consequence of Donald Trump’s shutdown of the federal government, now in day 33, is what a boon it is to US cyber adversaries. And moving forward, the long run ramifications are likely to be dire, indeed.

Google fined £44 million in landmark GDPR ruling

IT Governance

Google has been fined €50 million (about £44 million) by CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation).

DHS Issues More Urgent Warning on DNS Hijacking

Data Breach Today

Government Agencies Should Audit DNS Settings Within 10 Days. The U.S. Department of Homeland Security says executive branch agencies are being targeted by attacks aimed at modifying Domain Name System records, which are critical for locating websites and services.

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

Clever Smartphone Malware Concealment Technique

Schneier on Security

This is clever: Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks.

5 Malware Trends: Emotet is Hot, Cryptominers Decline

Data Breach Today

Attackers Dig Deeper Into Businesses as WannaCry Lingers, Ransomware Lives On. As the value of cryptocurrency has plummeted, so too has the number of cryptomining infections being seen in the wild, reports security firm Malwarebytes.

Securing data in the hybrid cloud

Thales Data Security

IDG’s 2018 Cloud Computing Study tells us: Seventy-three percent of organizations have at least one application, or a portion of their computing infrastructure already in the cloud – 17% plan to do so within the next 12 months.

How to Find Your Netflix Freeloaders—and Kick Them Out

WIRED Threat Level

Sharing is caring. But it's worth checking if your streaming accounts have picked up any suspicious stragglers along the way.

The Evolution of Darknets

Schneier on Security

Dharma Gang Pushes Phobos Crypto-Locking Ransomware

Data Breach Today

How Cybercriminals Clean Their Dirty Money

Dark Reading

By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning.

What is an ISMS and 8 reasons why you should implement one

IT Governance

An ISMS (information security management system) is a centrally managed framework for keeping an organisation’s information secure. It contains a set of policies, procedures and controls for protecting the confidentiality, integrity and availability of information.

Hacking Construction Cranes

Schneier on Security

Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories.

The Application Security Team's Framework For Upgrading Legacy Applications

Data Breach Today

The coming end-of-support for Windows Server 2008 leaves IT organizations with few viable options to receive security updates beyond the cut-off date of January 14, 2020. Upgrading will be no small feat as roughly 70% of enterprise Windows applications run on Windows Server 2008 or earlier versions.

A flaw in MySQL could allow rogue servers to steal files from clients

Security Affairs

A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular open source relational database management system (RDBMS).

How to choose the best B2B Integration software & cloud solutions in 2019

OpenText Information Management

This is the 21st century. We can do incredible things with digital technologies. It’s transforming almost every part of business. Yet, research has shown that over 50% of information exchanged between business partners still travels by fax, email or phone rather than B2B integration technologies.

Brexit uncertainty and the DPA 2018

IT Governance

On 29 January, MPs will vote on Theresa May’s revised Brexit deal, in what may well be the final attempt to prevent the UK leaving the EU without a formal agreement. As it stands, the prospect of a deal doesn’t look good.

Key Drivers to Enable Digital Transformation in Financial Services

Data Breach Today

Digital transformation (DX) continues to drive growth across financial services firms, creating new opportunities to increase revenue and foster innovation.

Unpatched Cisco critical flaw CVE-2018-15439 exposes small Business Networks to hack

Security Affairs

Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device.

OpenText Discovery Project Manager Spotlight

OpenText Information Management

The success of any eDiscovery project — whether it’s a contentious litigation or fast-moving internal investigation — ultimately rests on the individuals behind the screen.

Threat Modeling as Code

Adam Shostack

Omer Levi Hevroni has a very interesting post exploring ways to represent threat models as code. The closer threat modeling practices are to engineering practices already in place, the more it will be impactful, and the more it will be a standard part of delivery.

Report: Federal Trade Commission Weighs Facebook Fine

Data Breach Today

Facebook Probed by FTC Over Failures that Enabled Cambridge Analytica Scandal. The U.S.

Critical flaw in Linux APT package manager could allow remote hack

Security Affairs

Expert discovered a remote code execution vulnerability in the APT package manager used by several Linux distributions, including Debian and Ubuntu.

What’s holding back operational excellence in the utility sector?

OpenText Information Management

Once upon a time, the utility industry was a relatively simple place to be. It was all about the safe and consistent generation and distribution of energy with good capacity planning, minimal outages and happy customers. Then it all changed. Climate change happened. Infrastructure got older.

DHS Issues Emergency Directive on DNS Security

Dark Reading

All government domain owners are instructed to take immediate steps to strengthen the security of their DNS servers following a successful hacking campaign.

Life Under GDPR: Sizing Up the Long-Term Costs

Data Breach Today

GDPR has been in effect since May 2018, but organizations are still waiting to see what impact it will have on the costs organizations might face from breach cleanup, investigations, sanctions and class action lawsuits, says Ian Thornton-Trump of the financial services firm AMTrust International.

Google Creates “Phishing Quiz” for Better Cyber Hygiene

Adam Levin

A Google offshoot is trying to teach people to be more circumspect about phishing attempts. Jigsaw, an incubator owned by Google parent company Alphabet, has released an online quiz that displays examples of phishing emails side by side with legitimate ones and asks users to guess which is which. The quiz uses real-world phishing campaigns, including the Russian hack that gained access to the email account of John Podesta, Hillary Clinton’s 2016 campaign manager. “We

Upgrading to OpenText Content Suite 16 EP5—the time is now

OpenText Information Management

Upgrades are vital for organizations to improve performance. Upgrading to the latest software version ensures systems are optimized and business continuity is protected. New features provide your users with access to the latest tools to be effective.

The PCI SSC’s new software security standards – what you need to know

IT Governance

Sunset of Windows Server 2008: Migrate with Docker

Data Breach Today

The coming end-of-support for Windows Server 2008 leaves IT organizations with few viable options to receive security updates beyond the cut-off date of January 14, 2020. Upgrading will be no small feat as roughly 70% of enterprise Windows applications run on Windows Server 2008 or earlier versions.

Microsoft Windows RCE Flaw Gets Temporary Micropatch

Threatpost

0patch released the fix for the remote code execution vulnerability in Windows, which has a CVSS score of 7.8.

Top 5 big data analytics software benefits for manufacturing in 2019

OpenText Information Management

Data has long been the lifeblood of manufacturing. Companies have used it to increase efficiencies, improve performance and productivity, and reduce waste. With the advent of Industry 4.0 and the Internet of Things (IoT), the amount of data at hand has grown exponentially.