Security Affairs

OCTOBER 31, 2018

Ahead of the 2018 US midterm elections , sellers are flooding the cybercrime underground markets with data from voter databases. Experts at cybersecurity company Carbon Black found tens of different state voter databases available for sale on the dark web. “Carbon Black researchers found 20 different state voter databases available for purchase on the dark web, several from swing states.” reads the report published by Carbon Black. “Critical information in these offerings inc

Sales 111

Sales Cybersecurity Government Marketing 111

Krebs on Security

NOVEMBER 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works. A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones.

Phishing 245

Phishing Passwords IT 245

The Last Watchdog

NOVEMBER 1, 2018

Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Related: Why a ‘zero-trust’ approach to security is necessary. One recent validation comes from two long established, and much larger cybersecurity vendors – Check Point and Palo Alto Networks – that have recently begun integrating Silverfort’s innovative MFA solution into their respective malware detection and

Authentication 113

Authentication Digital transformation Military IoT 113

Data Breach Today

NOVEMBER 2, 2018

Hotel Giant Has Yet to Disclose Total Number of Affected Victims Radisson Hotel Group has suffered a data breach that resulted in the theft of data for its global loyalty program members. The company, which operates 1,400 hotels, says the breach touched data for "less than 10 percent" of all Radisson Rewards members, but it hasn't released a victim count.

Data breaches 246

Data breaches IT 246

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Affairs

NOVEMBER 1, 2018

0x20k of Ghost Squad Hackers has released the full source code of the 0day exploit used to targeting Apache Hadoop and build the FICORA Botnet. In direct response to the publication of Radware’s analysis of the new discovery of the DemonBot malware strain effecting Hadoop clusters earlier the week, October 25th, 2018, 0x20k of Ghost Squad Hackers has released the full source code of the 0day exploit used to build his newest model; the FICORA Botnet. 0x20k, who is also credited as the autho

e-Discovery 112

e-Discovery Passwords Security Education 112

The Last Watchdog

OCTOBER 29, 2018

The United States has experienced the most cybersecurity breaches in the world and the Equifax Breach was one of the first to be considered a “mega breach.”. The headlines immediately attempted to lay the blame, in large part, on the fact that Equifax’s chief information security officer was a music major and did not have a background in technology.

Security 164

Security Data Privacy Privacy Data breaches 164

Data Breach Today

OCTOBER 31, 2018

Attackers Send a Leaked Password as 'Proof' Victim Was Hacked Scammers behind an ongoing "sextortion" campaign have been emailing a legitimate password - likely from a publicly leaked list - to victims with a threat to release a compromising video of the recipient unless they pay up in bitcoins, Barracuda Networks warns.

Passwords 242

Passwords 242

Security Affairs

NOVEMBER 1, 2018

Iran’s strategic network was hit by a new destructive and sophisticated version of the Stuxnet cyber weapon, the Hadashot TV reports. According to the Hadashot TV, Iran’s strategic network was hit by a destructive malware-based attack hours after Israel revealed the Mossad had thwarted an Iranian murder plot in Denmark, and days after Iran’s President Hassan Rouhani’s phone was tapped.

Government 111

Government Paper Security IT 111

WIRED Threat Level

OCTOBER 31, 2018

A series of high-profile cases involving alleged Chinese recruits shows how the country identifies and develops potential spies stateside.

Security 111

Security 111

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

IT Governance

OCTOBER 30, 2018

Rather than posting the usual long list of data breaches and cyber attacks, I’ve decided to go down a new route. These monthly blogs will now look at three lesser-known stories in detail, as well as give a total number for all records exposed in the month. It’s been the usual mix of data breaches this month, with lots of mistakes being made and lots of ransoms being paid.

Data breaches 105

Data breaches Computer and Electronics Passwords Insurance 105

Data Breach Today

OCTOBER 29, 2018

Paras Jha Launched DDoS Attacks Against Rutgers, Ran Click-Fraud Botnets One of the co-authors of the devastating Mirai botnet malware has been sentenced to home incarceration and community service, and ordered to pay $8.6 million in restitution, for his role in a series of damaging distributed denial-of-service attacks that disrupted operations at Rutgers University.

232

232

Security Affairs

OCTOBER 30, 2018

A few hours after Apple released iOS 12.1 the iPhone bug hunter Jose Rodriguez has found a new passcode bypass issue that could be exploited to see all contacts’ private information on a locked iPhone. “Jose Rodriguez, a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass bug in the latest version of its iOS mobile operating system, iOS 12.1, released by Apple today.” reads a post published by THN.

Access 111

Access Security IT 111

WIRED Threat Level

NOVEMBER 2, 2018

How to find accurate voting information for the midterm elections.

Security 111

Security 111

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

IT Governance

OCTOBER 30, 2018

Rather than posting the usual long list of data breaches and cyber attacks, I’ve decided to go down a new route. These monthly blogs will now look at three lesser-known stories in detail, as well as give a total number for all records exposed in the month. It’s been the usual mix of data breaches this month, with lots of mistakes being made and lots of ransoms being paid.

Data breaches 105

Data breaches Computer and Electronics Passwords Insurance 105

Data Breach Today

OCTOBER 31, 2018

Ransomware-as-a-Service Operation Joins Forces With Fallout Exploit Kit A slick ransomware-as-a-service operation called Kraken Cryptor has begun leveraging the Fallout exploit kit to help it score fresh victims, researchers from McAfee and Recorded Future warn. Absent offline backups, victims have little chance of recovering from its crypto-locking attacks.

Ransomware 227

Ransomware IT 227

Security Affairs

NOVEMBER 2, 2018

A cyber attack on a French firm Ingerop allowed attackers to access confidential documents related to nuclear power plant plans in France. The hacker stole more than 65 gigabytes of documents back in June, the huge trove of documents includes nuclear power plant plants and blueprints for prisons and tram networks. According to the media, some of the stolen data were found on a rented server in Germany. “Thousands of sensitive documents pertaining to nuclear power plants, prisons and tram n

Access 111

Access Security 111

WIRED Threat Level

OCTOBER 29, 2018

"Sealed sender" gives the leading encrypted messaging app an important boost, hiding metadata around who sent a given message.

Metadata 110

Metadata Encryption Security 110

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Schneier on Security

NOVEMBER 1, 2018

This is not surprising : This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as "next generation," and still in use today, are worse than they were before­ -- dispersed, disorganized, and susceptible to manipulation.

Security 102

Security IT 102

Data Breach Today

OCTOBER 29, 2018

Sorting Out What Kinds of Incidents Are Most Common This Year What kinds of health data breaches have been most common so far in 2018? An analysis of the official HHS breach tally reveals the latest trends, and security experts offer an analysis.

Data breaches 219

Data breaches Security 219

Security Affairs

NOVEMBER 2, 2018

Security experts from CISCO warn of a zero-day vulnerability that is being actively exploited in attacks in the wild. The flaw, tracked as CVE-2018-15454, affects the Session Initiation Protocol (SIP) inspection engine of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD). The flaw could be exploited by a remote attacker to trigger a DoS condition on the vulnerable device. “A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adapti

Security 111

Security Access IT 111

WIRED Threat Level

NOVEMBER 1, 2018

Interviews with over a dozen current and former Google employees highlight a commitment to privacy—and the inherent tensions that creates.

Privacy 110

Privacy Security 110

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Threatpost

NOVEMBER 1, 2018

Weighing the impact of GDPR and how the historic legislation has shaped privacy protection measures in the U.S., so far.

GDPR 102

GDPR Privacy Insurance Government 102

Data Breach Today

NOVEMBER 1, 2018

Scheme Sought to Steal Data on Turbofan Engines, Saving on Development Costs The Justice Department says two Chinese intelligence officers and eight others were indicted for stealing trade secrets that are intended to help the country shortcut technology research. The indictment comes as tension over intellectual property hacking has risen between the U.S. and China.

212

212

Security Affairs

OCTOBER 28, 2018

Researchers at Cymulate security firm devised a new stealthy technique to deliver malware leveraging videos embedded into weaponized Microsoft Office Documents. The technique could be used to execute JavaScript code when a user clicks on a weaponized YouTube video thumbnail embedded in a Weaponized Office document. Experts pointed out that no message is displayed by Microsoft Office to request the victim’s consent. “Cymulate’s research team has discovered a way to abuse the Online Vi

File names 111

File names Phishing Security IT 111

WIRED Threat Level

OCTOBER 27, 2018

It may never be clear why Robert Bowers chose to carry out a violent attack. But his social media activity mirrors an increase in anti-Semitism on the internet.

IT 110

IT Security 110

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

AIIM

OCTOBER 30, 2018

No matter what industry you are in, audits are stressful. Many of your company’s processes and documents must be analyzed to make sure you are compliant and up to standard. That means the auditor is going to need to see a lot of paperwork. If you currently use filing cabinets, inboxes, and hard drives to store your documents, then an audit is likely your worst nightmare.

Archiving 100

Archiving Access Education Compliance 100

Data Breach Today

NOVEMBER 1, 2018

Organizations Must Comply With Data Breach Reporting Requirements or Face Fines Private sector organizations in Canada must now report all serious data breaches to the country's privacy watchdog as part of revised rules to Canada's PIPEDA privacy law. Violators face fines of up to $100,000 for every breach victim they fail to notify or breach they attempt to hide.

Data breaches 208

Data breaches Privacy 208

Security Affairs

NOVEMBER 2, 2018

Austal, a top Australia defence firm reports also working with the United States Navy has suffered a serious security breach. Austal, a top Australia defence firm reports working with the US Navy has suffered a serious security breach, hackers accessed to personnel files and that it was the subject of an extortion attempt. Austal reported the data breach to the Australian Securities Exchange (ASX) on Thursday evening, it also notified affected “stakeholders” “Austal Limited (

Security 111

Security Data breaches Sales Manufacturing 111