Wed. Jan 23, 2019

How the U.S. Govt. Shutdown Harms Security

Krebs on Security

The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents.

DHS Issues More Urgent Warning on DNS Hijacking

Data Breach Today

Government Agencies Should Audit DNS Settings Within 10 Days. The U.S. Department of Homeland Security says executive branch agencies are being targeted by attacks aimed at modifying Domain Name System records, which are critical for locating websites and services.

MY TAKE: US cyber adversaries take cue from shutdown to accelerate malware deployment

The Last Watchdog

One profound consequence of Donald Trump’s shutdown of the federal government, now in day 33, is what a boon it is to US cyber adversaries. And moving forward, the long run ramifications are likely to be dire, indeed.

5 Malware Trends: Emotet is Hot, Cryptominers Decline

Data Breach Today

Attackers Dig Deeper Into Businesses as WannaCry Lingers, Ransomware Lives On. As the value of cryptocurrency has plummeted, so too has the number of cryptomining infections being seen in the wild, reports security firm Malwarebytes.

The Evolution of Darknets

Schneier on Security

The Application Security Team's Framework For Upgrading Legacy Applications

Data Breach Today

The coming end-of-support for Windows Server 2008 leaves IT organizations with few viable options to receive security updates beyond the cut-off date of January 14, 2020. Upgrading will be no small feat as roughly 70% of enterprise Windows applications run on Windows Server 2008 or earlier versions

Key Drivers to Enable Digital Transformation in Financial Services

Data Breach Today

Digital transformation (DX) continues to drive growth across financial services firms, creating new opportunities to increase revenue and foster innovation.

PHP PEAR official site hacked, tainted package manager distributed for 6 months

Security Affairs

PHP PEAR official site hacked, attackers replaced legitimate version of the package manager with a tainted version in the past 6 months.

Sunset of Windows Server 2008: Migrate with Docker

Data Breach Today

The coming end-of-support for Windows Server 2008 leaves IT organizations with few viable options to receive security updates beyond the cut-off date of January 14, 2020. Upgrading will be no small feat as roughly 70% of enterprise Windows applications run on Windows Server 2008 or earlier versions

How to choose the best B2B Integration software & cloud solutions in 2019

OpenText Information Management

This is the 21st century. We can do incredible things with digital technologies. It’s transforming almost every part of business. Yet, research has shown that over 50% of information exchanged between business partners still travels by fax, email or phone rather than B2B integration technologies.

Life Under GDPR: Data Breach Cost Unknown

Data Breach Today

GDPR has been in effect since May 2018, but organizations are still waiting to see what impact it will have on the costs organizations might face from breach cleanup, investigations, sanctions and class action lawsuits, says Ian Thornton-Trump of the financial services firm AMTrust International

Brexit uncertainty and the DPA 2018

IT Governance

On 29 January, MPs will vote on Theresa May’s revised Brexit deal, in what may well be the final attempt to prevent the UK leaving the EU without a formal agreement. As it stands, the prospect of a deal doesn’t look good.

Victim Count in Alaska Health Department Breach Soars

Data Breach Today

2018 Breach Report Said 501 Affected, But Now Up to 700,000 Being Notified. Alaska state authorities are notifying up to 700,000 individuals of a health department data breach that originally was reported to federal regulators last June as affecting only 501 people. Why is it so difficult to determine the scope of some breaches

Threat Modeling as Code

Adam Shostack

Omer Levi Hevroni has a very interesting post exploring ways to represent threat models as code. The closer threat modeling practices are to engineering practices already in place, the more it will be impactful, and the more it will be a standard part of delivery.

Top 5 big data analytics software benefits for manufacturing in 2019

OpenText Information Management

Data has long been the lifeblood of manufacturing. Companies have used it to increase efficiencies, improve performance and productivity, and reduce waste. With the advent of Industry 4.0 and the Internet of Things (IoT), the amount of data at hand has grown exponentially.

DHS Issues Emergency Directive on DNS Security

Dark Reading

All government domain owners are instructed to take immediate steps to strengthen the security of their DNS servers following a successful hacking campaign

Google Creates “Phishing Quiz” for Better Cyber Hygiene

Adam Levin

A Google offshoot is trying to teach people to be more circumspect about phishing attempts. Jigsaw, an incubator owned by Google parent company Alphabet, has released an online quiz that displays examples of phishing emails side by side with legitimate ones and asks users to guess which is which. The quiz uses real-world phishing campaigns, including the Russian hack that gained access to the email account of John Podesta, Hillary Clinton’s 2016 campaign manager. “We

The PCI SSC’s new software security standards – what you need to know

IT Governance

Microsoft Windows RCE Flaw Gets Temporary Micropatch

Threatpost

0patch released the fix for the remote code execution vulnerability in Windows, which has a CVSS score of 7.8.

Does the Colorado Data Privacy Law Affect You?

InfoGoTo

When a strengthened Colorado data privacy law took effect on September 1, 2018, the state joined others (including California and Massachusetts) in becoming more proactive on data protection by passing laws aimed at safeguarding consumer data.

Offsite Document Storage for Texas Lawyers and Law Firms

Armstrong Archives

As a lawyer, you know how much paper your firm produces on a daily basis. You use paper to record important information, but you cannot dispose of this material in a haphazard manner. In fact, certain original documents must be kept for a minimum length of time per Texas Bar Association rules.

The Art of Document Restoration

IG Guru

The post The Art of Document Restoration appeared first on IG GURU.

U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks

Threatpost

An emergency directive from the Department of Homeland Security provides "required actions" for U.S. government agencies to prevent widespread DNS hijacking attacks.

RF Hacking Research Exposes Danger to Construction Sites

Dark Reading

Trend Micro team unearthed 17 vulnerabilities among seven vendors' remote controller devices

The 11 highest paid technology jobs for 2019

Information Management Resources

Artificial intelligence, machine learning and Internet of Things skills join the ranks of the top paid jobs in technology.

Nest Cams Hijacked in the Name of PewDiePie and North Korea Pranks

WIRED Threat Level

In separate incidents, hackers have used poor password hygiene to terrify Nest camera owners.

The rise of HaaS and IaaS and their impacts on data security

Information Management Resources

The rise of HaaS and IaaS in 2019 will shed light on a central insecurity in PaaS cloud strategy, as the staff controlling cloud environments have access to the information and materials stored and used in the cloud.

Malware in Ad-Based Images Targets Mac Users

Threatpost

Researchers detected 191,970 bad ads and estimate that around 1 million users were impacted.

Join Our 4 Can’t-Miss Sessions at MicroStrategy World

Perficient Data & Analytics

MicroStrategy World is around the corner, happening February 4-6th in Phoenix. With the recent release of MicroStrategy 2019 and O365 integration, it will be an exciting education-packed week! Perficient is proud to be a Gold sponsor of the event. We’ll be exhibiting at booth #300 in the expo hall where our experts will be onsite to strategize and present demos showcasing proven ways to advance analytics, mobility, cloud, AI, and augmented reality.

RogueRobin Malware Uses Google Drive as C2 Channel

Threatpost

The RogueRobin uses a mix of novel techniques.

Discover New Tools for Network Testing & Defense at Black Hat Asia

Dark Reading

Find yourself some of the latest and most exciting cybersecurity tools at the Arsenal, where you can meet and chat with their creators

Email hack suspected in Valley Hope Association data breach

Information Management Resources

Valley Hope Association, comprising 16 addiction treatment facilities in seven Midwest states, suffered a breach of data after an employee’s email account was hacked.

Google Creates Online Phishing Quiz

Dark Reading

Google Alphabet incubator Jigsaw says knowing how to spot a phish plus two-factor authentication are the best defenses against falling for a phishing email