Sat.Nov 09, 2019 - Fri.Nov 15, 2019

Patch Tuesday, November 2019 Edition

Krebs on Security

Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it.

IT 130

New Ransomware-as-a-Service Offered at Deep Discount: Report

Data Breach Today

McAfee: Creators of 'Buran' Ask for Smaller Percentage of Ransoms Collected A new ransomware-as-a-service model dubbed "Buran" that targets vulnerabilities in certain devices running Windows is offered at a deep discount to help the malware spread faster, according to McAfee researchers

SHARED INTEL: What can be done — today — to keep quantum computing from killing encryption

The Last Watchdog

There’s little doubt that the shift to quantum computing will open new horizons of digital commerce. But it’s also plain as day that the mainstreaming of quantum processing power will profoundly exacerbate cybersecurity exposures. Related: The ‘post quantum crytpo’ race is on This isn’t coming as any surprise to IT department heads.

Navigating China, Episode 7: New China encryption law passed

DLA Piper Privacy Matters

The new PRC Encryption Law will come into force on 1 January 2020. It will bring fundamental changes to the sale, import and use of encryption technologies in China by foreign and domestic organizations.

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Krebs on Security

More Trending

Microsoft Patch Tuesday updates fix CVE-2019-1429 flaw exploited in the wild

Security Affairs

Microsoft’s Patch Tuesday updates for November 2019 address over 70 flaws, including an Internet Explorer issue (CVE-2019-1429) that has been exploited in attacks in the wild.

CSO Spotlight: Terence Runge

Reltio

Article by IDG Connect. Read the recent interview that Terence Runge, the new CISO at Reltio had with IDG Connect. Terence brings more than 20 years’ security best practices experience in high tech, cloud services, and software development.

Cloud 52

Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings

WIRED Threat Level

Speculative execution attacks still haunt Intel, long after researchers told the company what to fix. Security Security / Cyberattacks and Hacks

Microsoft Will Apply California's Privacy Law Nationwide

Data Breach Today

Company's Move Could Influence Other Technology Companies Microsoft will apply the core rights of the California Consumer Privacy Act across all its customers in the U.S., which could nudge other technology companies in the same direction as online privacy becomes an increasing concern.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler, provide citizens in every country with the same privacy rights.

Facebook is secretly using iPhone’s camera as users scroll their feed

Security Affairs

New problems for Facebook, it seems that the social networking giant is secretly using the camera while iPhone users are scrolling their feed. Is this another privacy issue for Facebook?

AI, Records, and Accountability

ARMA International

This article is part of a collaboration between ARMA and AIEF and is included in Information Management Magazine, ARMA-AIEF Special Edition , which will be available for download in mid-November. A printed version of the special issue will be available as well, for a nominal fee. Introduction.

Kofax Enhances Industry-Leading Intelligent Automation Platform with New AI Capabilities, Helping Organizations Work Like Tomorrow—Today

Document Imaging Report

New Natural Language Processing (NLP) and Machine Learning (ML) Enable Digital Dexterity when Automating Operations. Irvine, CA – Nov.

Labour Party Hit by Massive Online Attack Attempt

Data Breach Today

No Systems Compromised, But Campaigning Disrupted, UK Party Officials Report The U.K. Labour Party says its systems were hit by a large-scale online attack that disrupted access to some campaigning systems, but led to no breach.

Access 130

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

Mexican state-owned oil company Pemex hit by ransomware

Security Affairs

On S unday , the Mexican state-owned oil company Petróleos Mexicanos (Pemex) was infected with the DoppelPaymer ransomware. On Sunday, a piece of the DoppelPaymer ransomware infected systems of the Mexican state-owned oil company Petróleos Mexicanos (Pemex) taking down part of its network.

#COBOL60: Your COBOL questions, answered – Part Three

Micro Focus

At a recent Micro Focus-sponsored virtual event, more than 300 COBOL community members celebrated its 60th anniversary and by posing over 90 questions to our expert panel.

IT 52

As 5G Rolls Out, Troubling New Security Flaws Emerge

WIRED Threat Level

Researchers have identified 11 new vulnerabilities in 5G—with time running out to fix them. Security Security / Security News

Election Interference Notification Protocols Unveiled

Data Breach Today

White House Describes Framework for Notifying Public of 2020 Election Interference The White House has developed protocols for notifying the public of nation-state hacking or other interference during the 2020 presidential election cycle. But the full framework has not yet been released

130
130

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

All About Machine Learning with Oracle Analytics

Perficient Data & Analytics

Perficient Presents at Oracle OpenWorld 2019 – Live from the show floor, a director in our analytics team delivers an overview of the machine learning capabilities of Oracle Analytics Cloud with its built-in ML algorithms. Machine Learning is a science that existed for several decades.

Labour Party hit by “sophisticated” cyber attack

IT Governance

The Labour Party’s campaign website has suffered a “sophisticated and large-scale” cyber attack, a spokesperson has said. Security procedures had “slowed down” some election campaign activities, but the party believes that no sensitive data was compromised.

Identifying and Arresting Ransomware Criminals

Schneier on Security

The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because -- as generally happens -- they made mistakes covering their tracks.

Microsoft Warns Users: Beware of Damaging BlueKeep Attacks

Data Breach Today

Software Giant Says Exploits Could Expand Beyond Cryptomining Now that security researchers have located the first exploits that take advantage of the BlueKeep vulnerability in Windows, Microsoft is warning users to apply patches the company issued for this flaw before more dangerous exploits merge

Buran ransomware-as-a-service continues to improve

Security Affairs

The recently discovered ransomware-as-a-service (RaaS) Buran attempts to gain popularity by offering discounted licenses. In May, researchers from McAfee’s Advanced Threat Research Team discovered a new piece of ransomware named ‘Buran.’

Introducing OpenText Core for Federated Compliance

OpenText Information Management

Holistic, cross-enterprise information governance has long been the vision for records administrators coping with large-scale enterprise content.

EU: New Guidelines on the concepts of controller, processor and joint controllership

DLA Piper Privacy Matters

On 7 November, the European Data Protection Supervisor issued a set of guidelines that could be used by organisations to determine whether they act as controller, processor or joint controller. The Guidelines also contain easy-to-use checklists as well as a flowchart.

Sen. Warner Asks HHS for Answers on Unsecured Medical Images

Data Breach Today

Questions HIPAA Enforcement Agency in Wake of Millions of Patient Files Discovered Online Senator Mark Warner, D-Va.,

130
130

TA505 Cybercrime targets system integrator companies

Security Affairs

The analysis of a malicious email revealed a possible raising interest of the TA505 cybercrime gang in system integrator companies. Introduction. During a normal monitoring activity, one of the detection tools hits a suspicious email coming from the validtree.com domain.

Announcing OpenText AppWorks Release 16 EP7

OpenText Information Management

In today’s competitive environment, one imperative for every organization is to meet expectations for a dynamic digital experience. This requires a digital-first approach. Unfortunately, introducing new products, services, channels and ways of working can take longer than the market demands.