The Last Watchdog

SEPTEMBER 19, 2019

Cybersecurity 147

Cybersecurity 147

Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. I want to put forward cases for both arguments here because seeing both sides is important. I want to help shed some light on why this practice happens and argue pragmatically both for and against.

Passwords 100

Passwords Authentication Security IT 100

Data Breach Today

SEPTEMBER 12, 2019

Researchers Say Mirai Derivatives and EternalBlue Exploits Pummel Internet-Connected Devices Two years after WannaCry wrecked havoc via flaws in SMB_v1 and three years after Mirai infected internet of things devices en masse via default credentials, attackers are increasingly targeting the same flaws, security experts warn.

IoT 250

IoT Security 250

WIRED Threat Level

SEPTEMBER 27, 2019

Any iPhone device from 2011 to 2017 could soon be jailbroken, thanks to an underlying flaw that there's no way to patch.

Security 215

Security 215

Advertiser: ZoomInfo

AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.

Sales

Thales Cloud Protection & Licensing

SEPTEMBER 19, 2019

Data is the most valuable online currency a consumer possesses. Yet most people don’t trust the companies they’re sharing data with, according to a new market trends study published by Gartner. In fact, 75% of consumers worry their online accounts may be hacked and the vast majority also believe companies are using or sharing their data without even telling them, according to the study.

Security 96

Security Personal data Data breaches Encryption 96

IT Governance

SEPTEMBER 4, 2019

Under the GDPR, DPIAs (data protection impact assessments) are mandatory for data processing that is “likely to result in a high risk to the rights and freedoms of data subjects” Effectively a type of risk assessment, DPIAs assess how these high-risk processing activities could impact data subjects. Failure to adequately conduct a DPIA where required constitutes a breach of the GDPR.

Personal data 75

Personal data GDPR Risk Access 75

Data Breach Today

SEPTEMBER 9, 2019

Beyond 'Patch or Perish' - CISOs' Risk-Based Approach to Fixing Vulnerabilities Every week seems to bring a fresh installment of "patch or perish." But security experts warn that patch management, or the larger question of vulnerability management, must be part of a much bigger-picture approach to managing risk. And the challenge continues to get more complex.

Risk 219

Risk Security 219

Security Affairs

SEPTEMBER 17, 2019

Tens of millions of records belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. Data belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. The information was left exposed online on an unsecured Amazon bucket, the records were stored in two databases in a directory containing backup files mostly for Malindo Air and Thai Lion Air.

Security 279

Security IT Data breaches 279

WIRED Threat Level

SEPTEMBER 17, 2019

At the Defcon hacking conference next year, the Air Force will bring a satellite for fun and glory.

Security 279

Security 279

Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage

When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m

Krebs on Security

SEPTEMBER 11, 2019

MyPayrollHR , a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.

Financial Services 279

Financial Services Cloud Insurance IT 279

Collaboration 2.0

SEPTEMBER 25, 2019

My first hand experiences being locked out of my Revolut accounts and being kept in outer space by their support

214

214

The Last Watchdog

SEPTEMBER 19, 2019

201

201

Data Breach Today

SEPTEMBER 19, 2019

Symantec Sees New Tortoiseshell Gang Hitting Targets in Middle East A hacker group called Tortoiseshell has been hitting targets in the Middle East since at least July 2018, apparently targeting IT service providers to gain access to many potential targets at once. The campaign is fresh proof that criminals and nation-state attackers alike continue to favor supply chain attacks.

IT 254

IT Access 254

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

SEPTEMBER 12, 2019

SimJacker is a critical vulnerability in SIM cards that could be exploited by remote attackers to compromise any phones just by sending an SMS. Cybersecurity researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be exploited by remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.

Manufacturing 280

Manufacturing Security Cybersecurity Risk 280

WIRED Threat Level

SEPTEMBER 7, 2019

Exposed Facebook phone numbers, an XKCD breach, and more of the week's top security news.

Security 262

Security 262

Krebs on Security

SEPTEMBER 27, 2019

Earlier this month, employees at more than 1,000 companies saw one or two paycheck’s worth of funds deducted from their bank accounts after the CEO of their cloud payroll provider absconded with $35 million in payroll and tax deposits from customers. On Monday, the CEO was arrested and allegedly confessed that the diversion was the last desperate gasp of a financial shell game that earned him $70 million over several years.

Financial Services 277

Financial Services Insurance Cloud IT 277

Collaboration 2.0

SEPTEMBER 11, 2019

Lines are blurring between fintech banking and consumer digital wallets, major consumer brands have much to gain and more to lose as the race to serve future customers with their own unique currencies accelerates

200

200

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Last Watchdog

SEPTEMBER 24, 2019

Keeping track of badness on the Internet has become a thriving cottage industry unto itself. Related: ‘Cyber Pearl Harbor’ is upon us There are dozens technology giants, cybersecurity vendors, government agencies and industry consortiums that identify and blacklist IP addresses and web page URLs that are obviously being used maliciously; and hundreds more independent white hat hackers are doing much the same.

Cybersecurity 193

Cybersecurity Mining Government Encryption 193

Data Breach Today

SEPTEMBER 11, 2019

September's Patch Tuesday Addresses Elevation of Privileges Flaws As part of its September Patch Tuesday security update, Microsoft issued software fixes for two vulnerabilities in several versions of Windows that it says are being exploited by attackers in the wild. Security experts are urging IT teams to quickly patch these flaws.

Security 252

Security IT 252

Security Affairs

SEPTEMBER 16, 2019

A flaw in LastPass password manager leaks credentials from previous site. An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes login credentials entered on a site previously visited by a user.

Passwords 279

Passwords Security IT Information Security 279

WIRED Threat Level

SEPTEMBER 12, 2019

A fresh look at the 2016 blackout in Ukraine suggests that the cyberattack behind it was intended to cause far more damage.

IT 249

IT Security 249

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Krebs on Security

SEPTEMBER 18, 2019

A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: It was sent via the U.S. Postal Service, with a postmarked stamp and everything. In truth these old fashioned “advance fee” or “419” scams predate email and have circulated via postal mail in various forms and countries over the years.

Phishing 227

Phishing Access IT 227

AIIM

SEPTEMBER 16, 2019

It's become trite to note the speed at which technology changes, and that the speed of those changes continues to increase. But just because it's trite doesn't mean it's not true. This means that, for records managers to continue to remain relevant, we need to ensure that we are on top of new developments in records and information management that will significantly impact our organizations.

Records Management 186

Records Management Blockchain Artificial Intelligence Information governance 186

The Last Watchdog

SEPTEMBER 10, 2019

Hear about the smart toaster that got attacked three times within an hour after its IP address first appeared on the Internet? That experiment conducted by a reporter for The Atlantic crystalizes the seemingly intractable security challenge businesses face today. Related: How 5G will escalate DDoS attacks Caught in the pull of digital transformation , companies are routing ever more core operations and services through the Internet, or, more precisely, through IP addresses, of one kind or anothe

Cloud 171

Cloud Security Digital transformation Financial Services 171

Data Breach Today

SEPTEMBER 24, 2019

Attackers Sending Emails Promising Copy of 'Permanent Record' A week after the Emotet botnet crept back to life, the attackers behind it are already trying a new way to ensnare victims - using Edward Snowden's newly released memoir as a phishing lure, according to the security firm Malwarebytes.

Phishing 247

Phishing Security IT 247

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Security Affairs

SEPTEMBER 15, 2019

Facebook addressed a vulnerability in Instagram that could have allowed attackers to access private user information. The security researcher @ZHacker13 discovered a flaw in Instagram that allowed an attacker to access account information, including user phone number and real name. ZHacker13 discovered the vulnerability in August and reported the issue to Facebook that asked for additional time to address the issue.

Access 279

Access Security IT Information Security 279

WIRED Threat Level

SEPTEMBER 7, 2019

Whether you're new to Windows 10 or have been using it for years, take a minute to lock down your privacy.

Privacy 221

Privacy IT Security 221

Krebs on Security

SEPTEMBER 3, 2019

A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the “ Satori ” botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies.

IoT 218

IoT Security Access IT 218