October, 2019

article thumbnail

Malware Most Foul: Emotet, Trickbot, Cryptocurrency Miners

Data Breach Today

Researchers: Targeted Crime Attacks Surge, Continue to Blend With Nation-State Campaigns Banking Trojans and cryptocurrency mining malware continue to be among the most-seen types of malicious code used for nontargeted attacks. But cybercrime attackers are increasingly running targeted campaigns, security researchers warn.

Mining 226
article thumbnail

7 Cybersecurity Threats That Can Sneak Up on You

WIRED Threat Level

From rogue USB sticks to Chrome extensions gone wild, here is a quick guide to some basic risks you should look out for.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Zynga's Breach Notification: How to Not Inform Victims

Data Breach Today

Don't Blame Us, Blame Hackers, Mobile Gaming Giant Says "Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Not least because hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.

article thumbnail

“BriansClub” Hack Rescues 26M Stolen Cards

Krebs on Security

“ BriansClub ,” one of the largest underground stores for buying stolen credit card data, has itself been hacked. The data stolen from BriansClub encompasses more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone.

Sales 212
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, CTO of Betterworks, will explore a practical framework to transform Generative AI prototypes into

article thumbnail

MY TAKE: CASBs help companies meet ‘shared responsibility’ for complex, rising cloud risks

The Last Watchdog

Cloud Access Security Brokers – aka “caz-bees” — have come a long way in a short time. CASBs, a term coined by tech industry consultancy Gartner, first cropped about seven years ago to help organizations enforce security and governance policies as they commenced, in earnest, their march into the cloud. Related: Implications of huge Capital One breach CASBs supplied a comprehensive set of tools to monitor and manage the multitude of fresh cyber risks spinning out of the rise in in corporate

Cloud 200

More Trending

article thumbnail

Does your use of CCTV comply with the GDPR?

IT Governance

You might be surprised to learn that CCTV footage is subject to the GDPR (General Data Protection Regulation). The Regulation isn’t just about written details, like names and addresses; it applies to any information that can identify someone. That includes pictures and videos, which is why you should be careful about the way you use CCTV. Let’s take a look at the steps you should follow to ensure your video surveillance methods are GDPR-compliant. 1.

GDPR 110
article thumbnail

Top Use Cases for Enterprise Architecture: Architect Everything

erwin

Architect Everything: New use cases for enterprise architecture are increasing enterprise architect’s stock in data-driven business. As enterprise architecture has evolved, so to have the use cases for enterprise architecture. Analyst firm Ovum recently released a new report titled Ovum Market Radar: Enterprise Architecture. In it, they make the case that enterprise architecture (EA) is becoming AE – or “architect everything” The transition highlights enterprise architect

article thumbnail

Unpatched VPN Servers Targeted by Nation-State Attackers

Data Breach Today

Pulse Secure, Palo Alto and Fortinet Devices Being Hit by APT Groups, NCSC Warns Nation-state attackers have been targeting known flaws that customers have yet to patch in their Pulse Secure, Palo Alto and Fortinet VPN servers, Britain's National Cyber Security Center warns, adding that any organization that didn't immediately apply patches should review logs for signs of hacking.

Security 245
article thumbnail

Tik Tok, Tick Tock…Boom.

John Battelle's Searchblog

Something’s been bugging me about Tik Tok. I’ve almost downloaded it about a dozen times over the past few months. But I always stop short. I don’t have a ton of time ( here’s why ) so forgive me as I resort to some short form tricks here. To wit: China employs a breathtaking model of state-driven surveillance. The US employs a breathtaking model of capitalist surveillance.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

sudo flaw allows any users to run commands as Root on Linux

Security Affairs

Experts discovered a security policy bypass issue in the Sudo utility that is installed as a command on almost every Linux and Unix system. The Sudo utility that is installed as a command on almost every Linux and Unix system is affected by a security policy bypass issue tracked as CVE-2019-14287. The vulnerability could be exploited by an ill-intentioned user or a malicious program to execute arbitrary commands as root on a targeted Linux system, even if the “ sudoers configuration”

article thumbnail

Own Your Cloud Security

Thales Cloud Protection & Licensing

It’s hard to believe it’s mid-October. Along with autumn, comes National Cybersecurity Awareness Month (NCSAM). The NCSAM 2019 focuses on personal accountability. Driven through mass public engagement, the ‘Own IT. Secure. IT. Protect IT.’ theme will help to encourage personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers.

Cloud 116
article thumbnail

7 mistakes that ISO 27001 auditors make

IT Governance

When organisations are seeking ISO 27001 compliance, they rely on auditors to give them good advice. Most of the time they’ll do just that – it’s what they’re paid to do. But as with any profession, some auditors are better than others. How can you tell if your auditor isn’t to be trusted? Keep an eye out for these seven mistakes: 1. They impose their opinions without facts.

article thumbnail

Data Governance Makes Data Security Less Scary

erwin

Happy Halloween! Do you know where your data is? What data you have? Who has had access to it? These can be frightening questions for an organization to answer. Add to the mix the potential for a data breach followed by non-compliance, reputational damage and financial penalties and a real horror story could unfold. In fact, we’ve seen some frightening ones play out already: Google’s record GDPR fine – France’s data privacy enforcement agency hit the tech giant with a $57 million penalty in earl

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

How Cybercriminals Continue to Innovate

Data Breach Today

Europol Report: Ransomware, DDoS, Business Email Compromises Are Persistent Threats Online attack threats continue to intensify, with criminals preferring ransomware, DDoS attacks and business email compromises, warns Europol, the EU's law enforcement intelligence agency. After numerous successful disruptions by police, criminals have responded by launching increasingly complex attacks.

article thumbnail

Speakers Censored at AISA Conference in Melbourne

Schneier on Security

Two speakers were censored at the Australian Information Security Association's annual conference this week in Melbourne. Thomas Drake , former NSA employee and whistleblower, was scheduled to give a talk on the golden age of surveillance, both government and corporate. Suelette Dreyfus , lecturer at the University of Melbourne, was scheduled to give a talk on her work -- funded by the EU government -- on anonymous whistleblowing technologies like Dropbox and how they reduce corruption in countr

article thumbnail

Top cybersecurity certifications to consider for your IT career

Security Affairs

With the right cybersecurity certifications, you can attain your goals seamlessly and in a fast way and speed up your career. Cyber attacks are making headlines almost every day in today’s era. The attacks have increased both in number and complexity. Because of this natural demand, it is now crucial for companies and specialized firms to reinforce and invest in professionals to face a problem that technology can’t solve.

article thumbnail

Can smart cities be secured and trusted?

Thales Cloud Protection & Licensing

It is the year 2030, and you have had another busy day. As you finish what you thought would be your last espresso and grab your laptop to leave work, your colleague tells you that you need to stay late for an urgent meeting. Panic sets in, but you push past it and put a plan into motion. To pick your daughter up from school, you call a driverless car.

Security 113
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Security Tool Sprawl Reaches Tipping Point

Dark Reading

How a new open source initiative for interoperable security tools and a wave of consolidation could finally provide some relief for overwhelmed security analysts and SOCs.

article thumbnail

Decades-Old Code Is Putting Millions of Critical Devices at Risk

WIRED Threat Level

Nearly two decades ago, a company called Interpeak created a network protocol that became an industry standard. It also had severe bugs that are only now coming to light.

Risk 89
article thumbnail

How Google Is Using AI to Help Ensure Android App Security

Data Breach Today

Google Security Evangelist Mike Burr Describes Android Security Measures Mike Burr of Google provides an overview of Android security efforts, including using artificial intelligence to scan Android apps.

article thumbnail

Factoring 2048-bit Numbers Using 20 Million Qubits

Schneier on Security

This theoretical paper shows how to factor 2048-bit RSA moduli with a 20-million qubit quantum computer in eight hours. It's interesting work, but I don't want overstate the risk. We know from Shor's Algorithm that both factoring and discrete logs are easy to solve on a large, working quantum computer. Both of those are currently beyond our technological abilities.

Paper 90
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Teheran: U.S. has started ‘Cyber War’ against Iran

Security Affairs

Iran ’s Passive Defense Organization chief Gholamreza Jalali declared that the US government has started its cyber war against the country. Gholamreza Jalali , Iran’s Passive Defense Organization chief, announced that that “America has started its cyber war against Iran, without providing more details. The news was reported by the ISNA news website on October 1, Jalali also added that Iran “ decisively will resort to cyber defense.”.

article thumbnail

The Future of Data Protection Begins at GITEX 2019

Thales Cloud Protection & Licensing

Digital criminals won’t stop targeting the Middle East. I’ve seen numerous attack campaigns targeting this region come to the surface in 2019 alone. Back in April, I remember FireEye discovered that bad actors behind the TRITON custom attack framework had infiltrated a second critical infrastructure organization. That’s less than two years after the company spotted the first TRITON attack where malefactors used TRITON to disrupt a critical infrastructure organization in the Middle East.

Cloud 93
article thumbnail

Attackers Hide Behind Trusted Domains, HTTPS

Dark Reading

One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.

IT 95
article thumbnail

The 5 biggest ransomware pay-outs of all time

IT Governance

A few years ago, ransomware was something that only affected a few unlucky people who were forced to pay a few hundred pounds to regain access to their locked-out laptops. Nowadays, it’s a £10 billion-a-year industry , as cyber criminals have switched from targeting individuals to organisations – often those that provide essential services and that may be morally obliged to preserve access to their services, like local governments and hospitals.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

FBI: Cybercriminals Are Bypassing Multifactor Authentication

Data Breach Today

Threat Actors Using Social Engineering, Other Technical Techniques to Circumvent MFA Protections The FBI is warning banks, businesses and other organizations that cybercriminals are using social engineering and other technical techniques to circumvent multifactor authentication security protections.

article thumbnail

Illegal Data Center Hidden in Former NATO Bunker

Schneier on Security

Interesting : German investigators said Friday they have shut down a data processing center installed in a former NATO bunker that hosted sites dealing in drugs and other illegal activities. Seven people were arrested. [.]. Thirteen people aged 20 to 59 are under investigation in all, including three German and seven Dutch citizens, Brauer said. Authorities arrested seven of them, citing the danger of flight and collusion.

article thumbnail

D-Link router models affected by remote code execution issue that will not be fixed

Security Affairs

Researchers at Fortinet’s FortiGuard Labs have publicly disclosed a critical remote code execution vulnerability affecting some models of D-Link routers. Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920. The vulnerability is an unauthenticated command injection issue that was discovered on September 2019.