Fri.Nov 16, 2018

Texas Hospital Hit With Dharma Ransomware Attack

Data Breach Today

Altus Baytown Hospital Among Latest Healthcare Cyberattack Victims An attack on Altus Baytown Hospital in Texas is the latest ransomware incident reported to federal regulators as a health data breach. What other major ransomware incidents are impacting the healthcare sector

Hidden Cameras in Streetlights

Schneier on Security

Both the US Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE) are hiding surveillance cameras in streetlights.

Video 101

GandCrab Ransomware: Cat-and-Mouse Game Continues

Data Breach Today

Free Decryptor Combats 'Aggressive' Ransomware-as-a-Service Provider A new, free decryptor has been released for "aggressive" crypto-locking ransomware called GandCrab. Researchers say GandCrab has come to dominate the ransomware-as-a-service market, earning its development team an estimated $120,000 per month

Using Microsoft Powerpoint as Malware Dropper

Security Affairs

Marco Ramilli, founder and CEO at cyber security firm Yoroi has explained how to use Microsoft Powerpoint as Malware Dropper. Nowadays Microsoft office documents are often used to propagate Malware acting like dynamic droppers.

The Privacy Penalty for Voting in America

Data Breach Today

States Shouldn't Serve Up on a Platter Voters' Email Addresses and Phone Numbers Voting in the United States carries a huge privacy cost: states give away or sell voters' personal information to anyone who wants it. In this era of content micro-targeting, rampant misinformation and identity theft schemes, this trade in voters' personal data is both dangerous and irresponsible

Cybaze ZLab- Yoroi team spotted a new variant of the APT28 Lojax rootkit

Security Affairs

Malware researchers at the Cybaze ZLab- Yoroi team spotted a new variant of the dangerous APT28 Lojax rootkit. A new variant of the infamous APT28 Lojax (aka Double-Agent) has been discovered by the Cybaze ZLab – Yoroi team.

China's Hack Attacks: An Economic Espionage Campaign

Data Breach Today

An analysis of China's surging hack attacks as part of an economic espionage campaign leads the latest edition of the ISMG Security Report. Also: Choosing the right MSSP, plus an analysis of the recent hijacking of Google traffic

More Trending

Surveillance Kills Freedom By Killing Experimentation

WIRED Threat Level

When we're being watched, we conform. We don't speak freely or try new things. But social progress happens in the gap between what’s legal and what’s moral. Security

OpenText Extended ECM for Microsoft Dynamics 365 by Contesto has arrived with Release 16 EP5

OpenText Information Management

“If it’s not in CRM, it doesn’t exist.” ” How many times do sales professionals hear this phrase during a forecast meeting or call with their sales managers?

ECM 68

How to create a business continuity plan – with free template

IT Governance

Comprehensive BCM (business continuity management) measures are essential for responding effectively to a disruption and providing a minimum acceptable service during a disaster. A crucial aspect of BCM is the development of an effective BCP (business continuity plan).

Mailing Tech Support a Bomb

Schneier on Security

New innovations in OpenText Extended ECM Platform for Release 16 EP5

OpenText Information Management

Enterprises are increasingly dealing with more content, from more sources, with more intended uses – and a requirement to access it all on demand.

ECM 56

Weekly podcast: Bank of England, the OPM, Patch Tuesday and Japanese minister

IT Governance

This week, we discuss a Bank of England cyber resilience exercise, the latest cyber security news from the US Office of Personnel Management, the highlights of this month’s Patch Tuesday, and a surprising admission by a Japanese cyber security minister.

Friday Squid Blogging: Squid Sculptures

Schneier on Security

Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here. squid

Blog 55

95% of Organizations Have Cultural Issues Around Cybersecurity

Dark Reading

Very few organizations have yet baked cybersecurity into their corporate DNA, research finds

7 of the most common cyber attacks you need to prepare for

IT Governance

Organisations are warned all the time about the threat of cyber attacks, but what does that really mean? How might a crook actually inflict damage? Here are seven of the most common methods of attack. Hacking.

Cybersecurity vulnerability rises to top concern among large organizations

Information Management Resources

Tim Francis, vice president and enterprise cyber lead at Travelers Insurance, weighs in on the findings of the new Travelers Risk Index, on cyber trends heading into 2019 and what companies should do to best protect themselves. Data security Cyber security Cyber attacks

Lessons from the Eurostar hack

IT Governance

Last month, cross-Channel rail service Eurostar discovered that it had suffered a hacking attempt between 15 and 19 October 2018. However, unlike other players in the travel industry that recently suffered breaches, such as BA and Cathay Pacific , Eurostar has emerged relatively unscathed.

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world, the company presented latest cybercrime trends. Hong Kong, 16.11.2018 – Group-IB, an international company that specializes in preventing cyber attacks, presented the findings of its latest Hi-Tech Crime Trends 2018 report at the FinTech Security Conference in Hong Kong organized by Binary Solutions Limited in partnership with Group-IB.

NIST Begins Developing a Voluntary Online Privacy Framework

IG Guru

Friday, November 2, 2018 The Department of Commerce’s National Institute of Standards and Technology (“NIST”) announced in early September intention to create a Privacy Framework. This Privacy Framework would provide voluntary guidelines that assist organizations in managing privacy risks.

The business benefits of a strong cybersecurity culture

Information Management Resources

Employees are on the front line of a company’s cyber defense, and their involvement is critical not only in preventing compromise but also in helping the organization respond quickly to the few inevitably successful attacks. Cyber security Data security Fraud prevention Malware Encryption

New Bluetooth Hack Affects Millions of Vehicles

Dark Reading

Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system

68

Cybersecurity skills gap growing even wider, says new study

Information Management Resources

With two-thirds of organizations already saying they have a shortage of cybersecurity professionals, the cyber security workforce gap is widening even more. Data security Cyber security Cyber attacks

Study 71

Gmail Glitch Offers Stealthy Trick for Phishing Attacks

Threatpost

The issue comes from how Gmail automatically files messages into the "Sent" folder. Web Security Bug email glitch Gmail malicious actor Phishing

Insurers must think strategically about AI

Information Management Resources

While most executives expect AI to have a transformative impact on economic growth and competitiveness, executives may need to temper near-term expectations. Artificial intelligence Machine learning Data strategy

BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance

Dark Reading

BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio

Variety of healthcare entities see a bright future for AI

Information Management Resources

A survey of 500 senior healthcare executives by Optum reveals optimism on the promise of artificial intelligence, offset by the work needed to achieve results. Artificial intelligence Internet of things Wellness program ROI Insurance Medical research Optum

UK and EU Draft Withdrawal Agreement

Hunton Privacy

On November 14, 2018, the UK government and the EU agreed upon the text of a draft Withdrawal Agreement in relation to the UK’s impending exit from the European Union on March 29, 2019. The draft Withdrawal Agreement provides for a transition period under which the UK will remain subject to a number of its EU membership obligations, during the period starting when the UK leaves the EU on March 29, 2019 to the end of the transition period on December 31, 2020.

GDPR 45

5 steps organizations can take to thwart insider security threats

Information Management Resources

In my recent conversations with security leaders, the subject of insider threats has been voiced as a top reason that organizations are seeking new approaches to cybersecurity. Data security Cyber security Cyber attacks

Lock-Screen Bypass Bug Quietly Patched in Handsets

Threatpost

The flaw allows hackers to bypass handset lock screens in seconds. Mobile Security Uncategorized Vulnerabilities fingerprint Fingerprint Scanner Huawei lock lock screen bypass patch phone

Black Hat Europe Speaker Q&A: SoarTech's Fernando Maymi on 'Synthetic Humans'

Dark Reading

Ahead of his Black Hat Europe appearance, SoarTech's Fernando Maymi explains how and why synthetic humans are critical to the future of cybersecurity

Emoji Attack Can Kill Skype for Business Chat

Threatpost

The "Kitten of Doom" denial-of-service attack is easy to carry out. Vulnerabilities attack Chat client CVE-2018-8546 Denial of Service emoji instant messaging kitten of doom Microsoft patch tuesday skype for business

59

Reducing Paper Storage Through Digital Transformation

InfoGoTo

Inefficient. Expensive. A drag on productivity. Insecure. If you work for a small business, you’ve likely heard a colleague or manager use these terms to complain about paper storage, referring to the rows of filing cabinets or piles of paper waiting to be filed. And with good reason — it’s all of these things, and more. For more and more small and medium-sized businesses, the solution to all of these challenges is digital transformation.

UK: First prison sentence following ICO prosecution

DLA Piper Privacy Matters

The Information Commissioner’s Office (“ ICO “) has brought a successful prosecution under the Computer Misuse Act 1990. Mustafa Kasim, a motor industry employee, was found guilty under section 1 of the Act (unauthorised access to computer material) and sentenced to six months’ imprisonment. [1].

Critical WordPress Flaw Grants Admin Access to Any Registered Site User

Threatpost

The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website. Vulnerabilities Web Security accelerated mobile pages amp for wp google malware plugin privilege escalation vulnerability wordpress

26M Texts Exposed in Poorly Secured Vovox Database

Dark Reading

The server, which lacked password protection, contained tens of millions of SMS messages, two-factor codes, shipping alerts, and other user data

Recap of the OCR/NIST Conference on Safeguarding Health Information

HL Chronicle of Data Protection