Sat.Nov 10, 2018 - Fri.Nov 16, 2018

Romanian Hacker 'Guccifer' Extradited to US

Data Breach Today

238

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

Krebs on Security

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others.

IT 230

New DigiCert poll shows companies taking monetary hits due to IoT-related security missteps

The Last Watchdog

Even as enterprises across the globe hustle to get their Internet of Things business models up and running, there is a sense of foreboding about a rising wave of IoT-related security exposures. And, in fact, IoT-related security incidents have already begun taking a toll at ill-prepared companies. Related: How to hire an IoT botnet — for $20. That’s the upshot of an extensive survey commissioned by global TLS, PKI and IoT security solutions leader DigiCert.

IoT 129

Speaking Of: (Not Your Father’s) Capture

Weissman's World

Information capture has come a long way, baby! From stuffing paper through a scanner to taking pictures in the literal blink of an eye, it’s so much more than what we grew up with. Here, the illustrious Bob Larrivee and I talk about the “latest-and-greatest” in the world of capture, and the need to update […]. The post Speaking Of: (Not Your Father’s) Capture appeared first on Holly Group. capture Capture infogov information governance

Magecart Cybercrime Groups Mass Harvest Payment Card Data

Data Breach Today

Card-Scraping Code Has Infiltrated Over 100,000 E-Commerce Sites Over the past year, there's been a surge in so-called Magecart attacks, involving payment card data being stolen from e-commerce sites via injected attack code.

Groups 242

Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

Krebs on Security

A California man who pleaded guilty Tuesday to causing dozens of swatting attacks — including a deadly incident in Kansas last year — now faces 20 or more years in prison. Tyler Raj Barriss, in an undated selfie.

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

The Last Watchdog

Cyber criminals are deploying the very latest in automated weaponry, namely botnets, to financially plunder corporate networks. The attackers have a vast, pliable attack surface to bombard: essentially all of the externally-facing web apps, mobile apps and API services that organizations are increasingly embracing, in order to stay in step with digital transformation. Related: The ‘Golden Age’ of cyber espionage is upon us.

B2C 117

More Trending

Congress Approves New DHS Cybersecurity Agency

Data Breach Today

Bill Creating Cybersecurity and Infrastructure Security Agency Awaits President's Signature The United States will soon officially have a single agency that takes the lead role for cybersecurity.

Patch Tuesday, November 2018 Edition

Krebs on Security

Microsoft on Tuesday released 16 software updates to fix more than 60 security holes in various flavors of Windows and other Microsoft products. Adobe also has security patches available for Flash Player , Acrobat and Reader users.

Tools 179

Chip Cards Fail to Reduce Credit Card Fraud in the US

Schneier on Security

A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals. The reasons seem to be twofold.

Sales 107

Google Services down due to BGP leak, traffic hijacked through Russia, China, and Nigeria

Security Affairs

Google services were partially inaccessible on Monday due to a BGP leak that caused traffic redirection through Russia, China, and Nigeria. A BGP leak caused unavailability of Google service on Monday, the traffic was redirected through Russia, China, and Nigeria.

Who Hijacked Google's Web Traffic?

Data Breach Today

Data Routes Through Russia, Nigeria and China, Raising Security Concerns Google is investigating the unorthodox routing of traffic bound for its cloud services that instead traveled via internet service provides in Nigeria, Russia and China.

Cloud 201

Q&A: How certifying in-house IT staffers as cyber analysts, pen testers can boost SMB security

The Last Watchdog

A security-first mindset is beginning to seep into the ground floor of the IT departments of small and mid-sized companies across the land. Senior executives at these SMBs are finally acknowledging that a check-box approach to security isn’t enough, and that instilling a security mindset pervasively throughout their IT departments has become the ground stakes. Related: The ‘gamification’ of cybersecurity training.

Hidden Cameras in Streetlights

Schneier on Security

Both the US Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE) are hiding surveillance cameras in streetlights.

Video 101

Expert found a way to bypass Windows UAC by mocking trusted Directory

Security Affairs

David Wells, a security expert from Tenable, devised a method to bypass Windows’ User Account Control (UAC) by spoofing the execution path of a file in a trusted directory. .

Course 111

Breach of Obamacare Site Spilled Sensitive Data

Data Breach Today

Data 194

The GDPR: Everything you need to know about data controllers and data processors

IT Governance

Data controllers and data processors are an integral part of the GDPR. This article explains what those roles involve and helps you understand if you are a controller, processor or both.

GDPR 103

Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies

Troy Hunt

You know what I really like? A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). You know what I really don't like?

Demo 98

Nginx server security flaws expose more than a million of servers to DoS attacks

Security Affairs

Nginx developers released security updates to address several denial-of-service (DoS) vulnerabilities affecting the nginx web server. nginx is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, it is used by 25.28% busiest sites in October 2018.

Chinese Cyber Threat: NSA Confirms Attacks Have Escalated

Data Breach Today

Defending Forward' Is New Military Mantra for Defending Government Networks With cyber espionage attacks from China escalating over the past year, the NSA's Rob Joyce says the U.S.

BA data breach: 565,000 customers may have been affected

IT Governance

In September, British Airways announced it had suffered a data breach that compromised the personal and financial data of more than 380,000 customers. However, the airline has since admitted that an extra 185,000 people may have been affected. Then and now.

Guest Blog: Why it’s Critical to Orchestrate PKI Keys for IoT

Thales Data Security

According to statistica the number of Internet of Things (IoT) devices connected will rise to 23 billion this year. From industrial machinery and intelligent transportation to health monitoring and emergency notification systems, a broad range of IoT devices are already being deployed by enterprises.

IoT 92

Hacking the hackers – IOT botnet author adds his own backdoor on top of a ZTE router backdoor

Security Affairs

The author of an IoT botnet is distributing a backdoor script for ZTE routers that also includes his own backdoor to hack script kiddies. A weaponized IoT exploit script is being used by script kiddies, making use of a vendor backdoor account to hack the ZTE routers.

IoT 109

Magecart Cybercrime Groups Harvest Payment Card Data

Data Breach Today

Card-Scraping Code Has Infiltrated Over 100,000 E-Commerce Sites Over the past year, there's been a surge in so-called Magecart attacks, which involve payment card data being stolen from e-commerce sites via injected attack code.

Groups 187

New IoT Security Regulations

Schneier on Security

Due to ever-evolving technological advances, manufacturers are connecting consumer goods­ -- from toys to lightbulbs to major appliances­ -- to the internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare.

IoT 92

Shopping safely over Black Friday and Cyber Monday

IT Governance

Black Friday and Cyber Monday are almost upon us, kickstarting what retailers hope will be a successful trading period. However, the flurry of purchases and the data that represents means cyber criminals will also be looking to cash in.

Symantec shared details of North Korean Lazarus’s FastCash Trojan used to hack banks

Security Affairs

North Korea-linked Lazarus Group has been using FastCash Trojan to compromise AIX servers to empty tens of millions of dollars from ATMs.

Texas Hospital Hit With Dharma Ransomware Attack

Data Breach Today

Altus Baytown Hospital Among Latest Healthcare Cyberattack Victims An attack on Altus Baytown Hospital in Texas is the latest ransomware incident reported to federal regulators as a health data breach. What other major ransomware incidents are impacting the healthcare sector

Hiding Secret Messages in Fingerprints

Schneier on Security

This is a fun steganographic application : hiding a message in a fingerprint image. Can't see any real use for it, but that's okay. academicpapers encryption fingerprints steganography

IT 90

UK Publication Names Thales eSecurity Global CISO to 2018 Top 25 Women in Tech List

Thales Data Security

Thales eSecurity Global CISO Bridget Kenyon was recently named one of the ‘Top 25 Women in Tech 2018’ by UK publication PCR.

Cyber espionage group used CVE-2018-8589 Windows Zero-Day in Middle East Attacks

Security Affairs

Kaspersky revealed that the CVE-2018-8589 Windows 0-day fixed by Microsoft Nov. 2018 Patch Tuesday has been exploited by at least one APT group in attacks in the Middle East.

Groups 100

GandCrab Ransomware: Cat-and-Mouse Game Continues

Data Breach Today

Free Decryptor Combats 'Aggressive' Ransomware-as-a-Service Provider A new, free decryptor has been released for "aggressive" crypto-locking ransomware called GandCrab. Researchers say GandCrab has come to dominate the ransomware-as-a-service market, earning its development team an estimated $120,000 per month

Surveillance Kills Freedom By Killing Experimentation

WIRED Threat Level

When we're being watched, we conform. We don't speak freely or try new things. But social progress happens in the gap between what’s legal and what’s moral. Security

OpenText Extended ECM for Microsoft Dynamics 365 by Contesto has arrived with Release 16 EP5

OpenText Information Management

“If it’s not in CRM, it doesn’t exist.” ” How many times do sales professionals hear this phrase during a forecast meeting or call with their sales managers?

ECM 68

Senior German officials wants exclude Chinese firms from building 5G infrastructure

Security Affairs

Senior German officials are making pressure on the government to exclude Chinese firms from building the country’s 5G infrastructure. Many countries are going to build 5G infrastructure, but the approach of the government is completely different.

Do the HIPAA Rules Hamper Coordinated Patient Care?

Data Breach Today

HHS to Seek Comments on Whether the Rules Create Barriers to Sharing Patient Information Federal regulators plan to seek public comments on whether the HIPAA rules create barriers to sharing patient information among healthcare providers, hampering the ability to coordinate care.

157

A Record Destruction Policy Is a Business and Environmental Win-Win

InfoGoTo

Why exactly does an organization — even a small one — need a record destruction policy? Like so many other relationships, an enterprise’s relationship with its own records is complicated.