2018

How Cyber Insurance Is Changing in the GDPR Era

Data Breach Today

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

Krebs on Security

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S.

Management by Magazine (InfoGov Edition)

Weissman's World

Today, on Perpective Check: The truth and consequences of your boss flipping through the pages of a magazine and saying, “I just read about [new shiny infogov object] that EVERYBODY’S using. How come we’re not??” link]. The post Management by Magazine (InfoGov Edition) appeared first on Holly Group.

Strong, streamlined and secure: How to get the most out of centralized key management

Thales Data Security

With organizations around the world now deploying ever-increasing amounts of encryption solutions in an effort to ward off cybercrime, businesses are facing a combination of challenges.

Here’s how anyone with $20 can hire an IoT botnet to blast out a week-long DDoS attack

The Last Watchdog

Distributed denial of service (DDoS) attacks continue to erupt all across the Internet showing not the faintest hint of leveling off, much less declining, any time soon. Related video: How DDoS attacks leverage the Internet’s DNA. To the contrary, DDoS attacks appear to be scaling up and getting more sophisticated in lock step with digital transformation; DDoS attacks today are larger, more varied and come at the targeted website from so many more vectors than ever before.

IoT 197

E-Mail Leaves an Evidence Trail

Schneier on Security

If you're going to commit an illegal act, it's best not to discuss it in e-mail. It's also best to Google tech instructions rather than asking someone else to do it: One new detail from the indictment, however, points to just how unsophisticated Manafort seems to have been.

List of data breaches and cyber attacks in June 2018 – 145,942,680 records leaked

IT Governance

As another month ends, let’s look back at the data breaches and cyber attacks that have come to light in the last few weeks. Earlier this month I had a conversation about cyber security that ended with someone offering the familiar opinion: “Oh, I won’t be hacked – our website isn’t very popular”.

More Trending

Connecticut City Pays Ransom After Crypto-Locking Attack

Data Breach Today

Separately, a Water Utility Hit by Ryuk Ransomware Vows to Restore, Not Pay A tale of two different ransomware victims' responses: One Connecticut city says it had little choice but to pay a ransom to restore crypto-locked systems.

Romanian Hacker 'Guccifer' Extradited to US

Data Breach Today

238

Ransomware Keeps Ringing in Profits for Cybercrime Rings

Data Breach Today

SamSam, Dharma, GandCrab and Global Imposter Make for Ongoing Bitcoin Paydays Criminals wielding crypto-locking ransomware - especially Dharma/CrySiS, GandCrab and Global Imposter, but also SamSam - continue to attack.

Equifax Hit With Maximum UK Privacy Fine After Mega-Breach

Data Breach Today

Multiple Failures' Cited as Watchdog Levies Maximum Possible Pre-GDPR Fine Credit bureau Equifax has been hit with the maximum possible fine under U.K.

Magecart Cybercrime Groups Mass Harvest Payment Card Data

Data Breach Today

Card-Scraping Code Has Infiltrated Over 100,000 E-Commerce Sites Over the past year, there's been a surge in so-called Magecart attacks, involving payment card data being stolen from e-commerce sites via injected attack code.

Groups 242

Legacy Content Migration: Urgent Need is Largely Invisible

Weissman's World

Fun fact: an estimated 75% of today’s content management solutions were installed before the year 2010 – meaning that most organizations are now depending upon systems that at best are dated, and at are worst dangerously close end-of-life.

Groups 222

Voice Phishing Scams Are Getting More Clever

Krebs on Security

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams.

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores.

Mining 174

Security Breaches Don't Affect Stock Price

Schneier on Security

Interesting research: " Long-term market implications of data breaches, not ," by Russell Lange and Eric W. Burger.

Ransomware Crypto-Locks Port of San Diego IT Systems

Data Breach Today

Port Remains Open and Accessible to Ships, Officials Say Several days after the Port of San Diego was hit by a crypto-locking ransomware attack, incident response efforts remain underway and many port systems remain offline.

Mirai Co-Author Gets House Arrest, $8.6 Million Fine

Data Breach Today

Paras Jha Launched DDoS Attacks Against Rutgers, Ran Click-Fraud Botnets One of the co-authors of the devastating Mirai botnet malware has been sentenced to home incarceration and community service, and ordered to pay $8.6

243

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

Krebs on Security

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others.

IT 230

FDA Reveals Steps to Bolster Medical Device Cybersecurity

Data Breach Today

Crypto-Locking Kraken Ransomware Looms Larger

Data Breach Today

Ransomware-as-a-Service Operation Joins Forces With Fallout Exploit Kit A slick ransomware-as-a-service operation called Kraken Cryptor has begun leveraging the Fallout exploit kit to help it score fresh victims, researchers from McAfee and Recorded Future warn.

Anthem Mega-Breach: Record $16 Million HIPAA Settlement

Data Breach Today

Regulators Say Health Insurer Failed to Take Basic Security Steps Federal regulators have smacked health insurer Anthem with a record $16 million HIPAA settlement in the wake of a cyberattack revealed in 2015, which impacted nearly 79 million individuals. What missteps does the settlement highlight

HSBC Bank Alerts US Customers to Data Breach

Data Breach Today

Unauthorized Entry' to Some Accounts Exposes Account Details and Statements HSBC bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it's detected no signs of fraud following the "unauthorized entry."

GandCrab Ransomware Partners With Crypter Service

Data Breach Today

Gang's Cult Status and Marketing Savvy Belies Shoddy Attack Code, McAfee Says The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships.

Europe Catches GDPR Breach-Notification Fever

Data Breach Today

Privacy Law is Fast Revealing the True Extent of Data Breaches Across UK and EU Less than four months after GDPR went into enforcement, Europe has arguably entered the modern data breach era.

GDPR 247

MY TAKE: Here’s why we need ‘SecOps’ to help secure ‘Cloud Native’ companiess

The Last Watchdog

For many start-ups, DevOps has proven to be a magical formula for increasing business velocity. Speed and agility is the name of the game — especially for Software as a Service (SaaS) companies. Related: How DevOps enabled the hacking of Uber. DevOps is a process designed to foster intensive collaboration between software developers and the IT operations team, two disciplines that traditionally have functioned as isolated silos with the technology department.

Cloud 161

Cathay Pacific Says 9.4 Million Affected by Data Breach

Data Breach Today

Airline's Five-Month Delay Before Public Disclosure Raises Concern Hong Kong-based airline Cathay Pacific says the personal details of 9.4 million passengers were inappropriately accessed in March, a breach the company confirmed in early May but publicly revealed on Wednesday.

GDPR will be a harsh wake-up call for most U.S. companies

Information Management Resources

Recent studies suggest only one-in-four organizations are well-prepared for the data management mandate, a statistic that could have costly consequences. GDPR Compliance Compliance systems Data privacy Data security

GDPR 220

Pentagon Travel Provider Data Breach Counts 30,000 Victims

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel.

SMS Phishing + Cardless ATM = Profit

Krebs on Security

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works.

'Magecart' Card-Sniffing Gang Cracks Newegg

Data Breach Today

E-Commerce Site Investigates Malware Attack and Payment Card Data Theft Online retailer Newegg is investigating a malware attack that may have stolen customers' payment card details for more than a month.

Retail 243

Facebook Slammed With Maximum UK Privacy Fine

Data Breach Today

Failings Leading to Cambridge Analytica Scandal Earn Sharp Rebuke From Regulator Facebook has been slammed with the maximum possible fine under U.K.

North Korean Hackers Tied to $100 Million in SWIFT Fraud

Data Breach Today

FireEye Traces APT38 Attacks; US-CERT Issues ATM Cash-Out Malware Attack Alert A gang of North Korean government hackers, known as APT38, has stolen more than $100 million from banks in Asia and Africa via fraudulent SWIFT transfers, cybersecurity firm FireEye warns. Separately, the U.S.

US Again Indicts Chinese Intel Agents Over Hacking

Data Breach Today

Scheme Sought to Steal Data on Turbofan Engines, Saving on Development Costs The Justice Department says two Chinese intelligence officers and eight others were indicted for stealing trade secrets that are intended to help the country shortcut technology research.

Data 227

Facebook Clarifies Extent of Data Breach

Data Breach Today

30 Million Affected; 14 Million Had Extensive Information Exposed Facebook now says that 20 million fewer accounts were breached than it originally believed, but the attackers accessed extensive sensitive personal information on nearly half of those affected

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force , a team of law enforcement officers and prosecutors based in Santa Clara, Calif.

Trend Micro takes multi-pronged approach to narrowing the gaping cybersecurity skills gap

The Last Watchdog

Remember the old adage, you can never be too thin or too rich? The software development world has its own take on that dictum—you can never be too fast. Related: Gamification training targets iGens. Business demand dictates a frenetic pace for delivering new and better technology. To perfect the process, more organizations are taking a DevOps approach—melding software development and software operations simultaneously.

Trends 164