Sat.Nov 24, 2018 - Fri.Nov 30, 2018

article thumbnail

Half of all Phishing Sites Now Have the Padlock

Krebs on Security

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “[link].

Phishing 278
article thumbnail

Propaganda and the Weakening of Trust in Government

Schneier on Security

On November 4, 2016, the hacker "Guccifer 2.0,: a front for Russia's military intelligence service, claimed in a blogpost that the Democrats were likely to use vulnerabilities to hack the presidential elections. On November 9, 2018, President Donald Trump started tweeting about the senatorial elections in Florida and Arizona. Without any evidence whatsoever, he said that Democrats were trying to steal the election through "FRAUD.".

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

When Do You Need to Report a Data Breach?

Security Affairs

The way in which you respond to a data breach has a significant impact on how severe its consequences are. Reporting an event is one action that can help. The number of data breaches that were tracked in the U.S. in 2017 totaled 1,579, a nearly 44.7 percent increase from the previous year. Data breaches, incidents in which personal information is accidentally or unlawfully stolen, lost, disclosed, accessed, altered or destroyed, can happen to organizations of any size and sector.

article thumbnail

Marriott's Starwood Reservation Hack Could Affect 500 Million

Data Breach Today

Database Intrusion Dates Back to 2014 The Marriott hotel chain has announced its Starwood guest reservation database has been hacked, potentially exposing up to 500 million accounts. The unauthorized access to the database started in 2014, the company says.

Access 237
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

Michigan is known as the Wolverine State in deference to the ornery quadruped that roams its wild country. However, after a recent visit to Detroit, Ann Arbor and Grand Rapids as a guest of the Michigan Economic Development Corp., or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State. Related: California’s pioneering privacy law ripples through other states.

More Trending

article thumbnail

Knock-Knock Docker!! Will you let me in? Open API Abuse in Docker Containers

Security Affairs

Exploring the open API abuse for Docker Containers. Docker is a popular container product which has been adopted widely by the community. Preface. IT industry has seen quite a few transformations in last couple of decades with advent of disruptive technologies. Back in 2000, every aspiring student wanted to become computer /IT engineer, thanks to “.com” boom that was storming the IT industry back in those days.

Mining 111
article thumbnail

Two Iranians Charged in SamSam Ransomware Attacks

Data Breach Today

US Prosecutors Allege Pair Targeted More Than 200 Victims, Including Cities, Hospitals A federal grand jury has indicted two Iranians for allegedly waging SamSam ransomware attacks on more than 200 entities, including Atlanta and other municipalities and six healthcare organizations. They collected $6 million in ransoms and caused more than $30 million in losses to victims, U.S. prosecutors allege.

article thumbnail

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

The Last Watchdog

Michigan is cultivating a collection of amazing cybersecurity training facilities, called Cyber Range hubs, that are shining models for what’s possible when inspired program leaders are given access to leading-edge resources, wisely supplied by public agencies and private foundations. As a guest of the Michigan Economic Development Corporation , I recently had the chance to tour the Pinckney Community High School Cyber Training Institute in a rural community outside of Ann Arbor, and the newly o

article thumbnail

Russian Hackers Haven't Stopped Probing the US Power Grid

WIRED Threat Level

Researchers warn that utilities hackers don't need to cause blackouts to do damage.

Security 111
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Experts demonstrate how to exfiltrate data using smart bulbs

Security Affairs

Security researchers with Checkmarx developed two mobile applications that abuse the functionality of smart bulbs for data exfiltration. Security researchers with Checkmarx developed two mobile applications that exploit smart bulbs features for data exfiltration. The experts used the Magic Blue smart bulbs that implement communication through Bluetooth 4.0.

article thumbnail

UK Parliament Seizes Internal Facebook Privacy Documents

Data Breach Today

Bikini App Developer's Lawsuit Discovery Feeds Parliament's Facebook Probe A British lawmaker has obtained sealed U.S. court documents to reveal internal Facebook discussions about data security and privacy controls, as Parliament probes Facebook and other social media firms, as well as Russian interference and fake news.

Privacy 230
article thumbnail

MY TAKE: Why security innovations paving the way for driverless cars will make IoT much safer

The Last Watchdog

Intelligent computing systems have been insinuating themselves into our homes and public gathering places for a while now. But smart homes, smart workplaces and smart shopping malls are just the warm-up act. Get ready for smart ground transportation. Related: Michigan’s Cyber Range hubs help narrow talent gap. Driverless autos, trucks and military transport vehicles are on a fast track for wide deployment in the next five years.

IoT 133
article thumbnail

Special Counsel Robert Mueller's Endgame May Be in Sight

WIRED Threat Level

Recent developments in the special counsel investigation show indicate that things are about to heat up.

Security 112
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

327 million Marriott guests affected in Starwood Data Breach

Security Affairs

Starwood Data Breach – Hackers accessed the guest reservation system of the Marriot owned Starwood since 2014 and copied and encrypted the information. Marriott International is the last victim of a long string of data breaches, the company announced that hackers compromised guest reservation database at its subsidiary Starwood hotels and stolen personal details of about 500 million guests. “The company has not finished identifying duplicate information in the database, but believes

article thumbnail

Google Faces GDPR Complaints Over Web, Location Tracking

Data Breach Today

Search Giant's Pervasive Tracking Isn't Clear to Consumers, Groups Contend Consumer organizations in seven countries plan to file complaints alleging that Google is violating the EU's General Data Protection Regulation via its location, web and app activity tracking, in what could be a blow to the search giant's lucrative but data-hungry targeted advertising business.

GDPR 223
article thumbnail

GUEST ESSAY: 5 anti-phishing training tools that can reduce employees’ susceptibility to scams

The Last Watchdog

The vast majority of cyber attacks against organizations pivot off the weakest security link: employees. The good news is that companies today have ready access to a wide variety of tools that can simulate common types of attacks and boost employee awareness. Here’s a guide to five such services. PhishMe. This tool, from Cofense, proactively engages employees via simulated attacks based on real-time threats for various phishing tactics.

Phishing 113
article thumbnail

List of data breaches and cyber attacks in November 2018 – 251,286,753 records leaked

IT Governance

Last month I thought I’d try something new, so I focused on three stories rather than putting together a long list of breaches. It wasn’t a very popular approach. So the list is back. I count this month’s total of known leaked records to be 251,286,753. No particular stories stand out this month, but one thing I did notice is that there weren’t as many healthcare breaches as there normally are.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The SLoad Powershell malspam is expanding to Italy

Security Affairs

A new malspam campaign hit Italy in this days, threat actors are spreading a new variant of a powerful downloader named sLoad. sLoad is a sophisticated script, used in the past to deliver different types of malware such as the dreaded “ Ramnit banker”. “In the past months CERT-Yoroi observed an emerging attack pattern targeting its constituency.

article thumbnail

Dell, Dunkin Donuts Reset Passwords After Incidents

Data Breach Today

The Impacts of Both Incidents Appear to Be Limited Dell and Dunkin Donuts have both initiated password resets after experiencing separate security incidents aimed at gaining access to customer accounts. The impacts of the attacks, however, appear to be limited.

Passwords 221
article thumbnail

The Marriott Hack: How to Protect Yourself

WIRED Threat Level

Up to 500 people's personal information has been stolen in a Marriott hack that lasted four years, one of the biggest breaches yet.

Security 108
article thumbnail

Holiday Hacks: 6 Cyberthreats to Watch Right Now

Dark Reading

'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.

Phishing 108
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

North Korea-linked group Lazarus targets Latin American banks

Security Affairs

According to security reearchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated.

article thumbnail

Another Healthcare Website Security Issue Revealed

Data Breach Today

Tandigm Health Reports Vulnerability in Physician Portal In yet another sign that website security issues are far too common in the healthcare sector, Tandigm Health says a vulnerability on a physician portal potentially exposed patient data.

Security 211
article thumbnail

Amazon Exposes Emails, Insurance Company Surveillance, and More Security News This Week

WIRED Threat Level

A USPS data leak, Windows passwords go bye-bye, and more security news this week.

Insurance 107
article thumbnail

Dunkin' Donuts Serves Up Data Breach Alert

Dark Reading

Forces potentially affected DD Perks customers to reset their passwords after learning of unauthorized access to their personal data.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

US Government is asking allies to ban Huawei equipment

Security Affairs

US Government is inviting its allies to exclude Huawei equipment from critical infrastructure and 5G architectures, reports the Wall Street Journal. The Wall Street Journal reported that the US Government is urging its allies to exclude Huawei from critical infrastructure and 5G architectures. The United States is highlighting the risks for national security in case of adoption of Huawei equipment and is inviting internet providers and telco operators in allied countries to ban Huawei.

article thumbnail

Uber Fined $1.2 Million in EU for Breach Disclosure Delay

Data Breach Today

Credential Stuffing Attack Cracked Uber's Amazon S3 Buckets, Investigators Say Uber has been slammed with $1.2 million in fines by U.K. and Dutch privacy regulators for its cover-up of a 2016 data breach for more than a year. The breach exposed millions of drivers' and users' personal details to attackers, whom Uber paid $100,000 in hush money and for a promise to delete the stolen data.

article thumbnail

How Cyber Essentials can help secure against malware

IT Governance

The Cyber Essentials scheme is a world-leading assurance mechanism for organisations of all sizes to help demonstrate that the most critical cyber security controls have been implemented. To highlight the importance and usefulness of the Cyber Essentials scheme, we’ve produced a series of blog posts summarising each of the five security controls that, according to the UK government, could prevent “around 80% of cyber attacks”.

Security 103