Sat.Jul 28, 2018 - Fri.Aug 03, 2018

article thumbnail

The Year Targeted Phishing Went Mainstream

Krebs on Security

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack ). But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and

Phishing 152
article thumbnail

Understanding keys is key to understanding

Thales Cloud Protection & Licensing

The newest CipherTrust Cloud Key Manager capability. CipherTrust Cloud Key Manager is a multi-cloud encryption key management solution ideal for customers using Microsoft Azure Key Vault , Amazon Web Services Key Management Service , Microsoft Office365 or Salesforce Shield Platform Encryption. Before I talk about the importance of the newest feature of Cipher Trust Key Manager let’s define some terms to get everyone thinking similarly about keys and key management.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Reddit Got Hacked Thanks to a Woefully Insecure Two-Factor Setup

WIRED Threat Level

The tech community has known about the risk of using SMS in two-factor authentication for years. Reddit appears to have missed the memo.

article thumbnail

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

Illicit crypto mining is advancing apace. It was easy to see this coming. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Cryptojacking was born. And now, the next-level shift is underway. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores.

Mining 213
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.

More Trending

article thumbnail

How Cloudflare Uses Lava Lamps to Guard Against Hackers

WIRED Threat Level

Inside Cloudflare's San Francisco office, 100 units of Edward Craven Walker’s groovy hardware help guard the internet.

Security 112
article thumbnail

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. One of more fascinating innovators in this space is 11-year-old DataLocker, based in Overland Park, Kansas. Related: How DataLocker got its start h. Co-founder Jay took a business trip to South Korea in the fall of 2007.

article thumbnail

Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months

Krebs on Security

TCM Bank , a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018. TCM is a subsidiary of Washington, D.C.

article thumbnail

Salesforce Security Alert: API Error Exposed Marketing Data

Data Breach Today

Marketing Cloud Data Potentially Accessed or Corrupted Over 6-Week Period Cloud-based CRM giant Salesforce.com is warning some of its Marketing Cloud users that any data they stored may have been accessed by third parties or inadvertently corrupted because of an API error that persisted for six weeks.

Marketing 167
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

10 More Women in Security You May Not Know But Should

Dark Reading

The second installment in a series highlighting women who are driving change in cybersecurity but may not be on your radar - yet.

article thumbnail

National Cybersecurity Alliance advocates ‘shared responsibility’ for securing the Internet

The Last Watchdog

The targeting of Sen. Claire McCaskill by Russian intelligency agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives. Related: Using ‘gamification’ for security training. The National Cyber Security Alliance is a non-profit group, underwritten by the top tech companies and biggest banks, that has been out there since 2001 promoting best practices and supplying pr

article thumbnail

On Leaving the Bay Area

John Battelle's Searchblog

I first moved to the Bay area in 1983. I graduated from high school, spent my summer as an exchange student/day laborer in England (long story), then began studies at Berkeley, where I had a Navy scholarship (another long story). 1983. 35 years ago. 1983 was one year before the introduction of the Macintosh (my first job was covering Apple and the Mac).

IT 110
article thumbnail

The Complexities of Vulnerability Management & What Needs To Be Done

Data Breach Today

86 Percent of Bugs Patchable Within 24 Hours, Says Flexera's Alejandro Lavie One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.

Security 157
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Identifying People by Metadata

Schneier on Security

Interesting research: " You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information ," by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini. Abstract: Metadata are associated to most of the information we produce in our daily interactions and communication in the digital world. Yet, surprisingly, metadata are often still categorized as non-sensitive.

Metadata 106
article thumbnail

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

The Last Watchdog

Understanding today’s cybersecurity landscape is complex. The amount of threats aimed at enterprises is staggering. More than 230,000 new malware samples are launched every day. The average small and medium-size business experiences a cyber attack 44 times every day. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021.

Analytics 140
article thumbnail

Hundreds of apps removed from Google Play store because were carrying Windows malware

Security Affairs

Google recently removed 145 applications from the official Google Play store because they were found to carry malicious Windows executables inside. Researchers from Palo Alto Networks revealed that Google removed more than 145 apps from the Play store because they were carrying a Windows malware, The apps were uploaded to the Google Play store between October and November 2017, this means that for months Android users were exposed to the attack.

article thumbnail

Facebook Reveals Ongoing Political Influence Campaigns

Data Breach Today

Propaganda Efforts - and Adversary OPSEC - Continue to Improve, Experts Warn Facebook has suspended eight pages and 24 accounts for "coordinated inauthentic behavior" tied to apparent political influence campaigns ahead of an event in Washington. While Facebook declined to attribute the activities to specific individuals or groups, U.S. lawmakers are blaming the Kremlin.

154
154
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Three of My Books Are Available in DRM-Free E-Book Format

Schneier on Security

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month , the bundles are all Wiley titles, including three of my books: Applied Cryptography , Secrets and Lies , and Cryptography Engineering. $15 gets you everything, and they're all DRM-free. Even better, a portion of the proceeds goes to the EFF. As a board member, I've seen the other side of this.

IT 105
article thumbnail

List of data breaches and cyber attacks in July 2018 – 139,731,894 million records leaked

IT Governance

Another month passes where I’m left thinking ‘I should really create a Healthcare category’. So, from next month – I’ll be doing exactly that. There were some incredibly sensitive breaches this month, the majority of which were caused by human error. I imagine human error will continue to be the main cause of data breaches for decades to come – damn humans.

article thumbnail

Fin7: The Inner Workings of a Billion-Dollar Hacking Group

WIRED Threat Level

The Justice Department announced the arrest of three members of notorious cybercrime group Fin7—and detailed some of their methods in the process.

article thumbnail

Russian Carder Tied to $4 Million in Fraud Sentenced

Data Breach Today

Mikhail Malykhin's Schemes Drove Healthcare Benefits Firm Out of Business Russian national Mikhail Malykhin, who was illegally residing in the U.S., has received a 70-month prison sentence after admitting to hack attacks and conspiring to use fraudulent debit cards issued via a hacked healthcare benefits administrator.

150
150
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Backdoors in Cisco Routers

Schneier on Security

We don't know if this is error or deliberate action, but five backdoors have been discovered already this year.

104
104
article thumbnail

GDPR After the Deadline — Part 2 of 3 — Where are organizations in their GDPR journey and how much did they spend to get there?

AIIM

The GDPR’s May 25, 2018 deadline set in motion a mad compliance and security scramble not only for European companies, but also for any company doing business in Europe or with European customers. We just published a new market research report on GDPR. The purpose of this survey of 262 executives was to quantify – as close to the May 25th deadline as possible – the following three key issues related to GDPR: How do organizations view the emerging challenges tied to information privacy and securi

GDPR 83
article thumbnail

Reddit discloses a data breach, a hacker accessed user data

Security Affairs

Reddit Warns Users of Data Breach. Reddit is warning its users of a security breach, an attacker broke into the systems of the platform and accessed user data. Reddit is warning its users of a security breach, a hacker broke into the systems of the platform and accessed user data. The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform.

article thumbnail

Facebook Removes 'Bad Actors' for 'Inauthentic' Activity

Data Breach Today

Social Media Company Stops Short of Blaming Russians Facebook said Tuesday that it had shut down 32 pages and accounts that it says were "engaged in coordinated inauthentic behavior" apparently designed to influence U.S. politics, but it stopped short of attributing the "bad actors" to Russia.

IT 145
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

GCHQ on Quantum Key Distribution

Schneier on Security

The UK's GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. Ubiquitous on-demand modern services (such as verifying identities and data integrity, establishing network sessions, providing access control, and automatic software updates) rely more on authentication and integrity mechanisms -- such as digital signatures -- than on encryption.

article thumbnail

[Podcast] Supporting Women in Information Management

AIIM

Consider the following stats about women in the workplace: When women are in senior executive positions, companies achieve 70% stronger stock price growth. Companies with the highest gender diversity see a 10% greater return on equity and 48% higher operating result. Having at least 1 woman on a board decreases bankruptcy by 20%. Gender diversity is so important in business, especially in fields such as IT that tend to be historically male-dominant.

article thumbnail

Using Blockchain for the Common Good – An Interview with Ashish Gadnis of BanQu

Information Governance Perspectives

We realized that current models for getting people out of poverty have failed. Those models have failed because they look at the ability to help people out of poverty separate from enabling people in poverty to participate in the supply chain.